Overview

overview

10

Static

static

10

e5b17b3141...86.exe

windows7-x64

10

e5b17b3141...86.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2024 11:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e5b17b3141c14d41664d0ff5b04d65f6a4688ba092477c156d47b0e99ddfb586.exe

  • Size

    78KB

  • MD5

    01b075cedab74a0f623d7abcdafa154b

  • SHA1

    619765462856c6684f8e05e30db656cfa4597fc6

  • SHA256

    e5b17b3141c14d41664d0ff5b04d65f6a4688ba092477c156d47b0e99ddfb586

  • SHA512

    a2b713755d1b42b1b10f0181857d6164b801e8213c28eb5a1e9f617e15bd94006b981a3c22c7d1b86bf7557079311351f17fdaa3f3e436b990454b9d6879fa82

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+sPICL:5Zv5PDwbjNrmAE+AICL

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIyNDc1OTk0MjMxODEyOTIzMw.Gz9uGb.wx8CPvYFOhJ1PZtR5rQeXTQjzkEGdhAAgN10rc

  • server_id

    977774990676095038

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e5b17b3141c14d41664d0ff5b04d65f6a4688ba092477c156d47b0e99ddfb586.exe
    "C:\Users\Admin\AppData\Local\Temp\e5b17b3141c14d41664d0ff5b04d65f6a4688ba092477c156d47b0e99ddfb586.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1260
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1260 -s 596
      2⤵
        PID:1700

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1260-0-0x000007FEF6003000-0x000007FEF6004000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1260-1-0x000000013F2B0000-0x000000013F2C8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/1260-2-0x000007FEF6000000-0x000007FEF69EC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1260-3-0x000007FEF6000000-0x000007FEF69EC000-memory.dmp

      Filesize

      9.9MB

      Download