discordrat | 4bc07dc7d54350b70913815ce1e64e7de0a4a553f98c329d9dfa102393596c60

Analysis

max time kernel
10s
max time network
0s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
04-01-2025 00:54

Target

fischV2.0 (2).exe
Size

78KB
MD5

4f659af6caa703cd8780a4a925cd849e
SHA1

73a3695830bb58b6f8d632bdf5a29418b966f6ca
SHA256

4bc07dc7d54350b70913815ce1e64e7de0a4a553f98c329d9dfa102393596c60
SHA512

5c852b9128e31cf44dab3443524cb81a52f6b570cc6b594b43469e2b94d93539dbbc5f07f4ddbada11fb7d54860cce2f6b43e724adced3f3c8f451da2f29b244
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+qPIC:5Zv5PDwbjNrmAE+2IC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTMyMzE2MTk4MjQzMzQ5NzEyOQ.GmrYkf.Va-lbgJHpsxO7N5MLPC3bQrsddsoShr2_MH-C0
server_id
1324840093432680478

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 1448	1732	fischV2.0 (2).exe	30
PID 1732 wrote to memory of 1448	1732	fischV2.0 (2).exe	30
PID 1732 wrote to memory of 1448	1732	fischV2.0 (2).exe	30

C:\Users\Admin\AppData\Local\Temp\fischV2.0 (2).exe
"C:\Users\Admin\AppData\Local\Temp\fischV2.0 (2).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1732 -s 596
  2⤵
  PID:1448

memory/1732-0-0x000007FEF57B3000-0x000007FEF57B4000-memory.dmp

Filesize
4KB

Download
memory/1732-1-0x000000013F650000-0x000000013F668000-memory.dmp

Filesize
96KB

Download
memory/1732-2-0x000007FEF57B0000-0x000007FEF619C000-memory.dmp

Filesize
9.9MB

Download
memory/1732-3-0x000007FEF57B3000-0x000007FEF57B4000-memory.dmp

Filesize
4KB

Download
memory/1732-4-0x000007FEF57B0000-0x000007FEF619C000-memory.dmp

Filesize
9.9MB

Download