discordrat | 430433eec099a6666339218cf1089d6fb2626758930fec1bba78501c9be377be

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-01-2025 01:31

Target

Main.exe
Size

78KB
MD5

5ed06daf364ad1a25e86081b936f2da5
SHA1

63bae7ed9d11c6300c6b5c7e9b0863ef12f17acd
SHA256

430433eec099a6666339218cf1089d6fb2626758930fec1bba78501c9be377be
SHA512

d9b89095145bc68bb17faf51a9e688724ff7243d52fdd2620424e18a834da8fbfacd2d7ac6e1530582b4637ac4b3a87ba4faa383617f08f7d0b60bfe23a22fa5
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+mPIC:5Zv5PDwbjNrmAE+CIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTMxNzEzNDQ3MzExMjA2NDA5MA.GJ-fqs.71xBerWaoZN0IKEdibuQAKu9YmgLklg_2D1YY8
server_id
1317524885165314078

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2804	2708	Main.exe	30
PID 2708 wrote to memory of 2804	2708	Main.exe	30
PID 2708 wrote to memory of 2804	2708	Main.exe	30

C:\Users\Admin\AppData\Local\Temp\Main.exe
"C:\Users\Admin\AppData\Local\Temp\Main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2708 -s 600
  2⤵
  PID:2804

memory/2708-0-0x000007FEF58E3000-0x000007FEF58E4000-memory.dmp

Filesize
4KB

Download
memory/2708-1-0x000000013FED0000-0x000000013FEE8000-memory.dmp

Filesize
96KB

Download
memory/2708-2-0x000007FEF58E0000-0x000007FEF62CC000-memory.dmp

Filesize
9.9MB

Download
memory/2708-3-0x000007FEF58E3000-0x000007FEF58E4000-memory.dmp

Filesize
4KB

Download
memory/2708-4-0x000007FEF58E0000-0x000007FEF62CC000-memory.dmp

Filesize
9.9MB

Download