discordrat | daa9a722b82d251a4db096f7ec24308b21f8e1e357233d67268ed09b6d9ca6ab | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-01-2025 13:28

Sharing

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

78KB
MD5

002260e88f41f37e23cd07a7c17fb4c7
SHA1

eeaa37f667f876970941009cbc02cfe350b0ff49
SHA256

daa9a722b82d251a4db096f7ec24308b21f8e1e357233d67268ed09b6d9ca6ab
SHA512

f964f68913c611e63903dedf213c1f983948f5eb548faaa3549c8353db116bc5952c23a56b39cd718746d7f6a8b59792e16cd9cc68fc767f8a961ba76e7f6718
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+4PIC:5Zv5PDwbjNrmAE+cIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyNTA4NjM1OTY5MzU1Nzg2MA.Gy12zF.Ez60W13rQoYrcb7hHtY3BMQfSniXY4txdPYX7I
server_id
1325061927801458719

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2920	2336	Bootstrapper.exe	30
PID 2336 wrote to memory of 2920	2336	Bootstrapper.exe	30
PID 2336 wrote to memory of 2920	2336	Bootstrapper.exe	30

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2336 -s 600
  2⤵
  PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2336-0-0x000007FEF59F3000-0x000007FEF59F4000-memory.dmp

Filesize
4KB

Download
memory/2336-1-0x000000013FD30000-0x000000013FD48000-memory.dmp

Filesize
96KB

Download
memory/2336-2-0x000007FEF59F0000-0x000007FEF63DC000-memory.dmp

Filesize
9.9MB

Download
memory/2336-3-0x000007FEF59F0000-0x000007FEF63DC000-memory.dmp

Filesize
9.9MB

Download