Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
19-12-2024 23:31
Behavioral task
behavioral1
Sample
Discordrat.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Discordrat.exe
Resource
win10v2004-20241007-en
General
-
Target
Discordrat.exe
-
Size
94KB
-
MD5
6f1c3ac58e43e1b747d27a93a55da406
-
SHA1
618cc62c82aa567ba64ccdf0ac502adf7a88192f
-
SHA256
9284d1e75a0b5d6fb4b0b0bf9efafab147f83dc2a425cf8df49da5dbac5dc784
-
SHA512
28043448ae926a1cdd1a919ecff16268d890d77b72c3ef3871cf7612a31666db8cde9db20992e9364bfddbcd220c309c8f9bc6ec7e46aeb639c08c4098722ecd
-
SSDEEP
1536:66BxWNm6REP+bp/csCi7OFZ+Aqbd6btyRe46xbVXPrG+czxCxoKV6+UFU19:6vcK7+ZD/txbVXPrG+0NFUj
Malware Config
Signatures
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
resource yara_rule behavioral1/memory/3036-1-0x000000013FAB0000-0x000000013FACC000-memory.dmp disable_win_def -
Discord RAT
A RAT written in C# using Discord as a C2.
-
Discordrat family
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3036 wrote to memory of 3060 3036 Discordrat.exe 30 PID 3036 wrote to memory of 3060 3036 Discordrat.exe 30 PID 3036 wrote to memory of 3060 3036 Discordrat.exe 30