discordrat | 0917c5da516020e72dc27b1c731723fd3ec6667b4f0c4ef2755e1c39b7f2b626 | Triage

Resubmissions

26-12-2024 02:51

241226-dcejkavnex 10

Analysis

max time kernel
841s
max time network
842s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 02:51

Sharing

Report Analysis Logs

General

Target

fixedbotnet.exe
Size

78KB
MD5

4dcaad8aaf5a96198f7a6e7ed8e370e9
SHA1

2c0637216a17bcf87636e8a1968e371b7e90ba6f
SHA256

0917c5da516020e72dc27b1c731723fd3ec6667b4f0c4ef2755e1c39b7f2b626
SHA512

a9e381f3d21f9db22286e9e3e8a8b7af1ffd6967a44be00e8226d1eefa52d420bbf5fd2b0fe17ca8f43acb2001019d4942b8c026c17471a7463b58cd51679654
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+UPIC:5Zv5PDwbjNrmAE+IIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxOTgzODgzNzk3MDgyOTM1Mw.G15bFE.buKTPu-i9rZJyohew9QrmkA3ja15UUEJ2GTDqQ
server_id
1303174293991063612

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2092	2344	fixedbotnet.exe	30
PID 2344 wrote to memory of 2092	2344	fixedbotnet.exe	30
PID 2344 wrote to memory of 2092	2344	fixedbotnet.exe	30

C:\Users\Admin\AppData\Local\Temp\fixedbotnet.exe
"C:\Users\Admin\AppData\Local\Temp\fixedbotnet.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2344 -s 596
  2⤵
  PID:2092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2344-0-0x000007FEF67F3000-0x000007FEF67F4000-memory.dmp

Filesize
4KB

Download
memory/2344-1-0x000000013F310000-0x000000013F328000-memory.dmp

Filesize
96KB

Download
memory/2344-2-0x000007FEF67F0000-0x000007FEF71DC000-memory.dmp

Filesize
9.9MB

Download
memory/2344-3-0x000007FEF67F0000-0x000007FEF71DC000-memory.dmp

Filesize
9.9MB

Download