discordrat | e5b17b3141c14d41664d0ff5b04d65f6a4688ba092477c156d47b0e99ddfb586

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26/12/2024, 11:05 UTC

Target

e5b17b3141c14d41664d0ff5b04d65f6a4688ba092477c156d47b0e99ddfb586.exe
Size

78KB
MD5

01b075cedab74a0f623d7abcdafa154b
SHA1

619765462856c6684f8e05e30db656cfa4597fc6
SHA256

e5b17b3141c14d41664d0ff5b04d65f6a4688ba092477c156d47b0e99ddfb586
SHA512

a2b713755d1b42b1b10f0181857d6164b801e8213c28eb5a1e9f617e15bd94006b981a3c22c7d1b86bf7557079311351f17fdaa3f3e436b990454b9d6879fa82
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+sPICL:5Zv5PDwbjNrmAE+AICL

Score

10^/10

Family

discordrat

Attributes

discord_token
MTIyNDc1OTk0MjMxODEyOTIzMw.Gz9uGb.wx8CPvYFOhJ1PZtR5rQeXTQjzkEGdhAAgN10rc
server_id
977774990676095038

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 1700	1260	e5b17b3141c14d41664d0ff5b04d65f6a4688ba092477c156d47b0e99ddfb586.exe	30
PID 1260 wrote to memory of 1700	1260	e5b17b3141c14d41664d0ff5b04d65f6a4688ba092477c156d47b0e99ddfb586.exe	30
PID 1260 wrote to memory of 1700	1260	e5b17b3141c14d41664d0ff5b04d65f6a4688ba092477c156d47b0e99ddfb586.exe	30

C:\Users\Admin\AppData\Local\Temp\e5b17b3141c14d41664d0ff5b04d65f6a4688ba092477c156d47b0e99ddfb586.exe
"C:\Users\Admin\AppData\Local\Temp\e5b17b3141c14d41664d0ff5b04d65f6a4688ba092477c156d47b0e99ddfb586.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1260 -s 596
  2⤵
  PID:1700

memory/1260-0-0x000007FEF6003000-0x000007FEF6004000-memory.dmp

Filesize
4KB

Download
memory/1260-1-0x000000013F2B0000-0x000000013F2C8000-memory.dmp

Filesize
96KB

Download
memory/1260-2-0x000007FEF6000000-0x000007FEF69EC000-memory.dmp

Filesize
9.9MB

Download
memory/1260-3-0x000007FEF6000000-0x000007FEF69EC000-memory.dmp

Filesize
9.9MB

Download