Overview

overview

10

Static

static

10

client.exe

windows7-x64

10

client.exe

windows10-2004-x64

10

client.exe

windows10-ltsc 2021-x64

10

client.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    14s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    28-12-2024 15:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    client.exe

  • Size

    78KB

  • MD5

    52a3c7712a84a0f17e9602828bf2e86d

  • SHA1

    15fca5f393bc320b6c4d22580fe7d2f3a1970ac2

  • SHA256

    afa87c0232de627e818d62578bde4809d8d91a3021bc4b5bdb678767844e2288

  • SHA512

    892e084cfe823d820b00381625edda702a561be82c24a3e2701a1b2a397d4fc49e45ca80ac93a60d46efc83b224a6dc7ea1ea85f74ee8a27220a666b3f7ebfac

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+mPIC:5Zv5PDwbjNrmAE+CIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMxNTQxMDg0NDg3NTQ4OTI4MA.Gx5ptK.HY1OYsjGMP1MsOoyD2E7T9pCvkfHTdOPozmb_c

  • server_id

    1315411300192616569

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\client.exe
    "C:\Users\Admin\AppData\Local\Temp\client.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2248 -s 596
      2⤵
        PID:2052

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2248-0-0x000007FEF64B3000-0x000007FEF64B4000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2248-1-0x000000013F120000-0x000000013F138000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2248-2-0x000007FEF64B0000-0x000007FEF6E9C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2248-3-0x000007FEF64B0000-0x000007FEF6E9C000-memory.dmp

      Filesize

      9.9MB

      Download