discordrat | e598f3fec998711e35ed821cedb3b8d283e30bb7525aed8d0cb477b6d613a3e3

Analysis

max time kernel
95s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-12-2024 18:32

Target

sigmaniggers.exe
Size

78KB
MD5

a3e9e495a9488b8ec9f105db563ccacc
SHA1

95d3f9ccfe590bbbd1f3bd0dcea4eadc97c9d32d
SHA256

e598f3fec998711e35ed821cedb3b8d283e30bb7525aed8d0cb477b6d613a3e3
SHA512

95447cea4f1e72a4ac8ce0fcf8ec8577454ea31fbbe9717876766471753ec6afab827945f904076f4643e0052b566b2589e50d9f1593c1ab31ee603a9bca6ade
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+dPIC:5Zv5PDwbjNrmAE+NIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTMxNzkyMDI3NDcwNzkxMDY4Nw.G6Emcw.GIOn85p-jJI66t4-VKX-i73GoQP_lQ7lFdzafw
server_id
1307731833890275418

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2488	sigmaniggers.exe

C:\Users\Admin\AppData\Local\Temp\sigmaniggers.exe
"C:\Users\Admin\AppData\Local\Temp\sigmaniggers.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2488

memory/2488-0-0x00007FFB39E23000-0x00007FFB39E25000-memory.dmp

Filesize
8KB

Download
memory/2488-1-0x00000144D4490000-0x00000144D44A8000-memory.dmp

Filesize
96KB

Download
memory/2488-2-0x00000144EEA90000-0x00000144EEC52000-memory.dmp

Filesize
1.8MB

Download
memory/2488-3-0x00007FFB39E20000-0x00007FFB3A8E1000-memory.dmp

Filesize
10.8MB

Download
memory/2488-4-0x00000144EF290000-0x00000144EF7B8000-memory.dmp

Filesize
5.2MB

Download
memory/2488-5-0x00007FFB39E23000-0x00007FFB39E25000-memory.dmp

Filesize
8KB

Download
memory/2488-6-0x00007FFB39E20000-0x00007FFB3A8E1000-memory.dmp

Filesize
10.8MB

Download