discordrat | 9fb11ca9734d6d1bd3c85ab377dda79a479ed35312ebae5358867365c8b977a2 | Triage

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
31-12-2024 17:52

Sharing

Report Analysis Logs

General

Target

shirugan WPF.exe
Size

78KB
MD5

83c68a6d8c4619b39ac94c36041e3c91
SHA1

f801ddf931605ec9b42d937432004f8d1fd63318
SHA256

9fb11ca9734d6d1bd3c85ab377dda79a479ed35312ebae5358867365c8b977a2
SHA512

61100a5050a36ca12373d6225e6a162524b168364c2cf9f77f59ace9590fc7da51edcc520ec18cb28909744af4786463d61f9e1c5733d9f15d51654e1882426e
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+hPIC:5Zv5PDwbjNrmAE+xIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNTk4OTgzODIzMDQ1ODM2OQ.GqrBo6.VTposA2YqG1QAeEEznkDUoVFtckk6RDCZG93eo
server_id
1315990037258702879

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2604	2188	shirugan WPF.exe	30
PID 2188 wrote to memory of 2604	2188	shirugan WPF.exe	30
PID 2188 wrote to memory of 2604	2188	shirugan WPF.exe	30

C:\Users\Admin\AppData\Local\Temp\shirugan WPF.exe
"C:\Users\Admin\AppData\Local\Temp\shirugan WPF.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2188 -s 600
  2⤵
  PID:2604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2188-0-0x000007FEF5DD3000-0x000007FEF5DD4000-memory.dmp

Filesize
4KB

Download
memory/2188-1-0x000000013FC50000-0x000000013FC68000-memory.dmp

Filesize
96KB

Download
memory/2188-2-0x000007FEF5DD0000-0x000007FEF67BC000-memory.dmp

Filesize
9.9MB

Download
memory/2188-3-0x000007FEF5DD0000-0x000007FEF67BC000-memory.dmp

Filesize
9.9MB

Download