discordrat | 938c2eb722a3b1ad48d3fb6bf74938fe98256ffe55db0a5be224f86f67b48263

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 17:48

Target

api.exe
Size

78KB
MD5

406dbaccdcd62583619a724b7885958d
SHA1

71817181337169472237d20f2527ac5bf093ddd0
SHA256

938c2eb722a3b1ad48d3fb6bf74938fe98256ffe55db0a5be224f86f67b48263
SHA512

d0561b7bfdf912c50a553e92fcec952c0f1d5bc56bf506683601cfa52975d0f5e99928f109ca77702f299013f740bf95bf3a0762355c2ad5e0bfe23bb88094ba
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+YPIC:5Zv5PDwbjNrmAE+8IC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTMyMjI1MzM2NDU1MzE4NzM2OQ.GVCXSy.w0dE2BG4BS8aXMOYgU7CJDrRVaNjbjTCR5MqHI
server_id
1322247001022398504

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 2760	2260	api.exe	30
PID 2260 wrote to memory of 2760	2260	api.exe	30
PID 2260 wrote to memory of 2760	2260	api.exe	30

C:\Users\Admin\AppData\Local\Temp\api.exe
"C:\Users\Admin\AppData\Local\Temp\api.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2260 -s 596
  2⤵
  PID:2760

memory/2260-0-0x000007FEF54C3000-0x000007FEF54C4000-memory.dmp

Filesize
4KB

Download
memory/2260-1-0x000000013F680000-0x000000013F698000-memory.dmp

Filesize
96KB

Download
memory/2260-2-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp

Filesize
9.9MB

Download
memory/2260-3-0x000007FEF54C3000-0x000007FEF54C4000-memory.dmp

Filesize
4KB

Download
memory/2260-4-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp

Filesize
9.9MB

Download
memory/2260-5-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp

Filesize
9.9MB

Download