discordrat | 64c4cb4614d5870771cf59554e7332d5ec4c77aca174e10f8567a75f16aeecee | Triage

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-12-2024 17:54

Sharing

Report Analysis Logs

General

Target

CoolCar.png.exe
Size

78KB
MD5

26bbe8da36187e681251e537ee02a5d6
SHA1

72f37404ebe8c740b5b66b00770a1bec23801171
SHA256

64c4cb4614d5870771cf59554e7332d5ec4c77aca174e10f8567a75f16aeecee
SHA512

a6cd581dc302119bca3f8481f7b79f02164490f3baeb49c74f78cc739c15c3538eefe59d4cf8b6338b93f53e1fa8dc40c1ba3b12c2020c83649584f55964313d
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+vPIC:5Zv5PDwbjNrmAE+XIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxODczNjUwNzU4NjIyMDA4NA.GBEWK9.B_HF2HutCcnkHI0nA0ISUDKNYU8Or_bTyOcliY
server_id
1318726003320950815

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2236	2244	CoolCar.png.exe	30
PID 2244 wrote to memory of 2236	2244	CoolCar.png.exe	30
PID 2244 wrote to memory of 2236	2244	CoolCar.png.exe	30

C:\Users\Admin\AppData\Local\Temp\CoolCar.png.exe
"C:\Users\Admin\AppData\Local\Temp\CoolCar.png.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2244 -s 596
  2⤵
  PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2244-0-0x000007FEF5B13000-0x000007FEF5B14000-memory.dmp

Filesize
4KB

Download
memory/2244-1-0x000000013F700000-0x000000013F718000-memory.dmp

Filesize
96KB

Download
memory/2244-2-0x000007FEF5B10000-0x000007FEF64FC000-memory.dmp

Filesize
9.9MB

Download
memory/2244-3-0x000007FEF5B10000-0x000007FEF64FC000-memory.dmp

Filesize
9.9MB

Download