discordrat | 7baa6e67b7c8b888cbe2d58f9b8739de06f51ae68c664f10dfe3b3b85fe83554

Analysis

max time kernel
30s
max time network
31s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
22-12-2024 08:09

Target

Aimbothead_Cracked_By_Realpro.exe
Size

78KB
MD5

39acadcc193ebcccf21bdb09b9f3a70d
SHA1

e22021bdc3ec25b4ea9bafa70ebb6c73e5c8c022
SHA256

7baa6e67b7c8b888cbe2d58f9b8739de06f51ae68c664f10dfe3b3b85fe83554
SHA512

fdf9e1d5bdb1825f662e273f297cafedf90431f34f0723bdc5c68057f73f3293a908f0ab8078a8815acf64528016b149a666560743f2b793d674dafa5ed8a7c6
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+zPIC:5Zv5PDwbjNrmAE+rIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI1NTE0NzU4MDU1MjEyMjM2OA.GZN815.DNpkIdOQxhwUbe0l3fisgDEqU1XEGJM9TLbsUw
server_id
1286403877725540385

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3788	Aimbothead_Cracked_By_Realpro.exe

C:\Users\Admin\AppData\Local\Temp\Aimbothead_Cracked_By_Realpro.exe
"C:\Users\Admin\AppData\Local\Temp\Aimbothead_Cracked_By_Realpro.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3788

memory/3788-0-0x00007FFEAB903000-0x00007FFEAB905000-memory.dmp

Filesize
8KB

Download
memory/3788-1-0x0000026DB60D0000-0x0000026DB60E8000-memory.dmp

Filesize
96KB

Download
memory/3788-2-0x0000026DD0730000-0x0000026DD08F2000-memory.dmp

Filesize
1.8MB

Download
memory/3788-3-0x00007FFEAB900000-0x00007FFEAC3C2000-memory.dmp

Filesize
10.8MB

Download
memory/3788-4-0x0000026DD0F70000-0x0000026DD1498000-memory.dmp

Filesize
5.2MB

Download
memory/3788-5-0x00007FFEAB903000-0x00007FFEAB905000-memory.dmp

Filesize
8KB

Download
memory/3788-6-0x00007FFEAB900000-0x00007FFEAC3C2000-memory.dmp

Filesize
10.8MB

Download