discordrat | e598f3fec998711e35ed821cedb3b8d283e30bb7525aed8d0cb477b6d613a3e3 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-12-2024 18:32

Sharing

Report Analysis Logs

General

Target

sigmaniggers.exe
Size

78KB
MD5

a3e9e495a9488b8ec9f105db563ccacc
SHA1

95d3f9ccfe590bbbd1f3bd0dcea4eadc97c9d32d
SHA256

e598f3fec998711e35ed821cedb3b8d283e30bb7525aed8d0cb477b6d613a3e3
SHA512

95447cea4f1e72a4ac8ce0fcf8ec8577454ea31fbbe9717876766471753ec6afab827945f904076f4643e0052b566b2589e50d9f1593c1ab31ee603a9bca6ade
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+dPIC:5Zv5PDwbjNrmAE+NIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNzkyMDI3NDcwNzkxMDY4Nw.G6Emcw.GIOn85p-jJI66t4-VKX-i73GoQP_lQ7lFdzafw
server_id
1307731833890275418

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2060	2420	sigmaniggers.exe	30
PID 2420 wrote to memory of 2060	2420	sigmaniggers.exe	30
PID 2420 wrote to memory of 2060	2420	sigmaniggers.exe	30

C:\Users\Admin\AppData\Local\Temp\sigmaniggers.exe
"C:\Users\Admin\AppData\Local\Temp\sigmaniggers.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2420 -s 600
  2⤵
  PID:2060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2420-0-0x000007FEF64F3000-0x000007FEF64F4000-memory.dmp

Filesize
4KB

Download
memory/2420-1-0x000000013F2F0000-0x000000013F308000-memory.dmp

Filesize
96KB

Download
memory/2420-2-0x000007FEF64F0000-0x000007FEF6EDC000-memory.dmp

Filesize
9.9MB

Download
memory/2420-3-0x000007FEF64F0000-0x000007FEF6EDC000-memory.dmp

Filesize
9.9MB

Download