discordrat | c8f8c3931dfe7aaf4317129997d334a66ce63831ffba734646b2fac665f73aec | Triage

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 17:15

Sharing

Report Analysis Logs

General

Target

Archie Executor/Akaza Executor.exe
Size

78KB
MD5

1122dc03fd80494144a56982d0ed162a
SHA1

891215f3b9aca2b6b4c683e04061e6cd1e54346e
SHA256

94dd471caec018c37563c6ab44d84b831e8d6681096f05920091233562badae6
SHA512

865c6263e62b730b86eabc6fba2b07a6b9fb7a27305baafadda7c07888964dc43fa79327d905295ce2a03d6789348a6b6c3579aaf12c8ff99040388f215c509c
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+YPIC:5Zv5PDwbjNrmAE+8IC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzMDk4MTIyODExMDY3NTk5OA.GtjQhg.JmWSRpTczxrX_1A9KdscxQg9DQjJe5yb8Kg4iU
server_id
1330981226093346919

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 1600	2108	Akaza Executor.exe	30
PID 2108 wrote to memory of 1600	2108	Akaza Executor.exe	30
PID 2108 wrote to memory of 1600	2108	Akaza Executor.exe	30

C:\Users\Admin\AppData\Local\Temp\Archie Executor\Akaza Executor.exe
"C:\Users\Admin\AppData\Local\Temp\Archie Executor\Akaza Executor.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2108 -s 596
  2⤵
  PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2108-0-0x000007FEF6643000-0x000007FEF6644000-memory.dmp

Filesize
4KB

Download
memory/2108-1-0x000000013F600000-0x000000013F618000-memory.dmp

Filesize
96KB

Download
memory/2108-2-0x000007FEF6640000-0x000007FEF702C000-memory.dmp

Filesize
9.9MB

Download
memory/2108-3-0x000007FEF6640000-0x000007FEF702C000-memory.dmp

Filesize
9.9MB

Download