discordrat | c6d181316a032547611b42cf657440444b94d57509262f2e11b29212c31642f9

Analysis

max time kernel
97s
max time network
209s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
18-12-2024 17:49

Target

KINGDOM/CE_punch.exe
Size

78KB
MD5

8830b86f6d0f948239faede686f17a90
SHA1

aad1f9d169f47d3fdc3cbf72b148e9e579972376
SHA256

6cfa953a75f49a0c2b10dde540e925097c9fd9c6eac3dc3383da59fa1c122c00
SHA512

3b3ccb74da1e172c6f1ae08fe02669dafa9f946730574ecd10f1187776b3c3917efaaf56814ef8fca42c8c2c7c38425bdc27062d7589a102077755f270cdb2c4
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+cPIC:5Zv5PDwbjNrmAE+QIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTE5ODU2NTc1MDg2OTM0ODQ4Nw.GEaDVF.SoDWe_1YPV_HyqdlifJ_rW_Ht63qAP64AVKB3A
server_id
1178732805065281556

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4548	CE_punch.exe

C:\Users\Admin\AppData\Local\Temp\KINGDOM\CE_punch.exe
"C:\Users\Admin\AppData\Local\Temp\KINGDOM\CE_punch.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4548

memory/4548-0-0x00007FFDEA363000-0x00007FFDEA365000-memory.dmp

Filesize
8KB

Download
memory/4548-2-0x000001A274980000-0x000001A274B42000-memory.dmp

Filesize
1.8MB

Download
memory/4548-1-0x000001A25A2D0000-0x000001A25A2E8000-memory.dmp

Filesize
96KB

Download
memory/4548-3-0x00007FFDEA360000-0x00007FFDEAE22000-memory.dmp

Filesize
10.8MB

Download
memory/4548-4-0x000001A275180000-0x000001A2756A8000-memory.dmp

Filesize
5.2MB

Download
memory/4548-5-0x00007FFDEA363000-0x00007FFDEA365000-memory.dmp

Filesize
8KB

Download
memory/4548-6-0x00007FFDEA360000-0x00007FFDEAE22000-memory.dmp

Filesize
10.8MB

Download