discordrat | 7bf5ffd27f4de79d44dfed376fde5f58c9b8479b1b102e88881ad4b4b218f5f0 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
06-01-2025 22:10

Sharing

Report Analysis Logs

General

Target

TRT.exe
Size

78KB
MD5

dc350fb27cef847db894d4704faac60a
SHA1

cb671a35127562cb8d20c92e471f0841b6b14ba1
SHA256

7bf5ffd27f4de79d44dfed376fde5f58c9b8479b1b102e88881ad4b4b218f5f0
SHA512

d4abde46cfea25f8645e3a4920944d0f7676418ae5c4d22256021ac3a7566c3b41ad812d26c10da344894c35b5457057f1184b42e3b5d83b96177606d326a63d
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+CpPIC:5Zv5PDwbjNrmAE+oIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyNTg4NDM2NjcxNDMxMDY3Ng.Gc_wqW.b2EmK8XaLOl-3gOmCEBQuc_xctgLo2BaBegyQQ
server_id
1325882884120383539

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 2844	2728	TRT.exe	30
PID 2728 wrote to memory of 2844	2728	TRT.exe	30
PID 2728 wrote to memory of 2844	2728	TRT.exe	30

C:\Users\Admin\AppData\Local\Temp\TRT.exe
"C:\Users\Admin\AppData\Local\Temp\TRT.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2728 -s 600
  2⤵
  PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2728-0-0x000007FEF5F63000-0x000007FEF5F64000-memory.dmp

Filesize
4KB

Download
memory/2728-1-0x000000013FA30000-0x000000013FA48000-memory.dmp

Filesize
96KB

Download
memory/2728-2-0x000007FEF5F60000-0x000007FEF694C000-memory.dmp

Filesize
9.9MB

Download
memory/2728-3-0x000007FEF5F60000-0x000007FEF694C000-memory.dmp

Filesize
9.9MB

Download