Overview

overview

10

Static

static

10

loader.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    94s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    13-01-2025 17:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    loader.exe

  • Size

    78KB

  • MD5

    11642158e2aa02763cf233d531c4badd

  • SHA1

    581f6898a7dcbe74aa6ed63d3ce88ddb36121863

  • SHA256

    9b82456b1d66cb18ae687d200946b24af4c728d27a45ac58faa7984db7c8f62d

  • SHA512

    e27c7bdd9d83285dba1dfacce6edc405f5de9cc38480fe08fedda2eb212b6bffec520da7282e644e1bbfda7dd8493cc9e8ca63e57df50f747605eb3d28831fc8

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+kPIC:5Zv5PDwbjNrmAE+4IC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMxNzUyOTIxNDUyNTkwMjg4OA.Gl00Su.kwu9gYGqwYSCMmFg_QT0614c7yX3JSjWhJHwps

  • server_id

    1320148591603351694

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\loader.exe
    "C:\Users\Admin\AppData\Local\Temp\loader.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3752-0-0x00007FFD31233000-0x00007FFD31235000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3752-1-0x000001A305EC0000-0x000001A305ED8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3752-2-0x000001A320570000-0x000001A320732000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3752-3-0x00007FFD31230000-0x00007FFD31CF2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3752-4-0x000001A3217F0000-0x000001A321D18000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3752-5-0x00007FFD31233000-0x00007FFD31235000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3752-6-0x00007FFD31230000-0x00007FFD31CF2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3752-8-0x00007FFD31230000-0x00007FFD31CF2000-memory.dmp

    Filesize

    10.8MB

    Download