discordrat | 6e0ccf85a77e2ed432dd35683bc7e9db6b5800cba93a62f04d4dfea4a3c76f21 | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16-12-2024 21:06

Sharing

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

78KB
MD5

8e1f097cac8309eccb4f81da4c367418
SHA1

9875c8339ddf3c36e15e484b2b75d50c7ef4e65c
SHA256

6e0ccf85a77e2ed432dd35683bc7e9db6b5800cba93a62f04d4dfea4a3c76f21
SHA512

ba426cac8ae7768d3911d16eb8b4184791b0c5fa3ab19f296652279ca22189667b2f07940fa0a6f4a3c1eccfdf5ab8f51e04351441a0cbbd86da6783cf07a83c
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+rjPIC:5Zv5PDwbjNrmAE+r7IC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTEyMDczNzY4NDM4MjU1MjA2NA.GqeNXo.Vqt5HQ-dnI6PSE8IQzxqlxA3lYPJ4uVz64whlg
server_id
1120739951458406541

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2116	2132	Bootstrapper.exe	31
PID 2132 wrote to memory of 2116	2132	Bootstrapper.exe	31
PID 2132 wrote to memory of 2116	2132	Bootstrapper.exe	31

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2132 -s 596
  2⤵
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2132-0-0x000007FEF6723000-0x000007FEF6724000-memory.dmp

Filesize
4KB

Download
memory/2132-1-0x000000013F4E0000-0x000000013F4F8000-memory.dmp

Filesize
96KB

Download
memory/2132-2-0x000007FEF6720000-0x000007FEF710C000-memory.dmp

Filesize
9.9MB

Download
memory/2132-3-0x000007FEF6720000-0x000007FEF710C000-memory.dmp

Filesize
9.9MB

Download