discordrat | a9a9c93050215054b78f235c5f8169bc7f94524ac8f31233d6848e2b291b2ec6 | Triage

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
15-12-2024 19:47

Sharing

Report Analysis Logs

General

Target

freenitro.exe
Size

78KB
MD5

b58f8ad5ecec74a0a9c6e1366927ff20
SHA1

9d0a89cf9c29a34190ddc969cf83aa68f8a0b375
SHA256

a9a9c93050215054b78f235c5f8169bc7f94524ac8f31233d6848e2b291b2ec6
SHA512

d24fbc4dfa4eb333f2d18689ec711c629c580956653624d66068b161f864cdbdc52d4952b017238a2a42287a15c05455a7627ab6f8252af2b364559306b7ee51
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+MPIC:5Zv5PDwbjNrmAE+gIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNzE1MTMxMDMxMDY3NDQ1Mw.Gq-B5x.yAU663nmqjWG6nu7dT187nxcCqhsp-ardUfoX8
server_id
1317163923350487151

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2204	2100	freenitro.exe	30
PID 2100 wrote to memory of 2204	2100	freenitro.exe	30
PID 2100 wrote to memory of 2204	2100	freenitro.exe	30

C:\Users\Admin\AppData\Local\Temp\freenitro.exe
"C:\Users\Admin\AppData\Local\Temp\freenitro.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2100 -s 600
  2⤵
  PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2100-0-0x000007FEF6183000-0x000007FEF6184000-memory.dmp

Filesize
4KB

Download
memory/2100-1-0x000000013F390000-0x000000013F3A8000-memory.dmp

Filesize
96KB

Download
memory/2100-2-0x000007FEF6180000-0x000007FEF6B6C000-memory.dmp

Filesize
9.9MB

Download
memory/2100-3-0x000007FEF6180000-0x000007FEF6B6C000-memory.dmp

Filesize
9.9MB

Download