discordrat | 3198b259ee0958305fc415809680e396dc1c1e70b64042d439fbff70a7b53056 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-01-2025 20:08

Sharing

Report Analysis Logs

General

Target

Main/Archie Exec.exe
Size

78KB
MD5

34d14c123c669b83eb895301ba962fe2
SHA1

5639ecb0423da1b4a70150b04c7088f9ac322e09
SHA256

24d0e2199cc3b9403cc5c89d0604acc7956a821c739971b6e4e59a9462f04dc7
SHA512

8170d4fb1f38b4bd4faaa263f7fddf9e4aa6aa42c24984cac86ad396865b778f2b03a3dda4e2162d938d678a3bff294769a31961b448d1b4caa2e01e03eacb6c
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+2PIC:5Zv5PDwbjNrmAE+yIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzMDk4MTIyODExMDY3NTk5OA.GT88WA.ePwsxmg2sKPAG2_wckoOXY00L3miyVqQ4YdvPU
server_id
1330981226093346919

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2844	2716	Archie Exec.exe	30
PID 2716 wrote to memory of 2844	2716	Archie Exec.exe	30
PID 2716 wrote to memory of 2844	2716	Archie Exec.exe	30

C:\Users\Admin\AppData\Local\Temp\Main\Archie Exec.exe
"C:\Users\Admin\AppData\Local\Temp\Main\Archie Exec.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2716 -s 600
  2⤵
  PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2716-0-0x000007FEF6343000-0x000007FEF6344000-memory.dmp

Filesize
4KB

Download
memory/2716-1-0x000000013F5C0000-0x000000013F5D8000-memory.dmp

Filesize
96KB

Download
memory/2716-2-0x000007FEF6340000-0x000007FEF6D2C000-memory.dmp

Filesize
9.9MB

Download
memory/2716-3-0x000007FEF6343000-0x000007FEF6344000-memory.dmp

Filesize
4KB

Download