discordrat | c6d181316a032547611b42cf657440444b94d57509262f2e11b29212c31642f9

Analysis

max time kernel
100s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 17:56

Target

KINGDOM/CE_punch.exe
Size

78KB
MD5

8830b86f6d0f948239faede686f17a90
SHA1

aad1f9d169f47d3fdc3cbf72b148e9e579972376
SHA256

6cfa953a75f49a0c2b10dde540e925097c9fd9c6eac3dc3383da59fa1c122c00
SHA512

3b3ccb74da1e172c6f1ae08fe02669dafa9f946730574ecd10f1187776b3c3917efaaf56814ef8fca42c8c2c7c38425bdc27062d7589a102077755f270cdb2c4
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+cPIC:5Zv5PDwbjNrmAE+QIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTE5ODU2NTc1MDg2OTM0ODQ4Nw.GEaDVF.SoDWe_1YPV_HyqdlifJ_rW_Ht63qAP64AVKB3A
server_id
1178732805065281556

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2844	CE_punch.exe

C:\Users\Admin\AppData\Local\Temp\KINGDOM\CE_punch.exe
"C:\Users\Admin\AppData\Local\Temp\KINGDOM\CE_punch.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2844

memory/2844-0-0x00007FFE3D2D3000-0x00007FFE3D2D5000-memory.dmp

Filesize
8KB

Download
memory/2844-1-0x000001D886020000-0x000001D886038000-memory.dmp

Filesize
96KB

Download
memory/2844-2-0x000001D8A06D0000-0x000001D8A0892000-memory.dmp

Filesize
1.8MB

Download
memory/2844-3-0x00007FFE3D2D0000-0x00007FFE3DD91000-memory.dmp

Filesize
10.8MB

Download
memory/2844-4-0x000001D8A0F10000-0x000001D8A1438000-memory.dmp

Filesize
5.2MB

Download
memory/2844-5-0x00007FFE3D2D3000-0x00007FFE3D2D5000-memory.dmp

Filesize
8KB

Download
memory/2844-6-0x00007FFE3D2D0000-0x00007FFE3DD91000-memory.dmp

Filesize
10.8MB

Download