discordrat | 69905033a2fcc7f0a7cfc61144662aec065747b7de7ab058bcd31ccf17141f78

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-12-2024 16:04

Target

SynapseZ.exe
Size

78KB
MD5

ff4f53a40d6a36e2229dabdf8ebf8783
SHA1

24dee4eac38ef44f23a4c62a302df1a79ac915a2
SHA256

69905033a2fcc7f0a7cfc61144662aec065747b7de7ab058bcd31ccf17141f78
SHA512

c8f449aaecbc2dfe26b11beab9ff2cba60b085561f01a42b7a4e0aa82ff218218a2443c522b4e13b67c329a0cb57a9cf2ee9f12f44996f8793f06f68506f1164
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+k0PIC:5Zv5PDwbjNrmAE+koIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTMyMjU0NDU1ODc4OTA5OTU5NA.GWlmrO.9e2PL6twD23RSJ7qs004Hme_hrJkg2H5IxHDA8
server_id
1320699635127550014

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 3032	2076	SynapseZ.exe	30
PID 2076 wrote to memory of 3032	2076	SynapseZ.exe	30
PID 2076 wrote to memory of 3032	2076	SynapseZ.exe	30

C:\Users\Admin\AppData\Local\Temp\SynapseZ.exe
"C:\Users\Admin\AppData\Local\Temp\SynapseZ.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2076 -s 600
  2⤵
  PID:3032

memory/2076-0-0x000007FEF5573000-0x000007FEF5574000-memory.dmp

Filesize
4KB

Download
memory/2076-1-0x000000013FA10000-0x000000013FA28000-memory.dmp

Filesize
96KB

Download
memory/2076-2-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

Filesize
9.9MB

Download
memory/2076-3-0x000007FEF5573000-0x000007FEF5574000-memory.dmp

Filesize
4KB

Download
memory/2076-4-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

Filesize
9.9MB

Download
memory/2076-5-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

Filesize
9.9MB

Download