discordrat | b948e891954b8791d4c1d970a5d7f74ad9a3b53257a0d0b18be6804607eedacd

Analysis

max time kernel
83s
max time network
64s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
24-01-2025 02:13

Target

Rat.exe
Size

78KB
MD5

0282465b11b8286e12d138818621beb7
SHA1

7c89d7e5f160d0cf381f2b96739c6f9eb40927e3
SHA256

b948e891954b8791d4c1d970a5d7f74ad9a3b53257a0d0b18be6804607eedacd
SHA512

84006a3c0206a51866d90eea5b6841a80f70443d24b64fb3ceb128f151038a13926f11c5160aa4c9ccdac83ed5315347720e080748211a6dfe6ed46fd6047c2a
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+0PIC:5Zv5PDwbjNrmAE+oIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTMzMDA3MDM5MDEyNjY3NDAzMQ.GzUYna.NplOTxhrT8SBdYeVBTS8VyvV0_Yehzhs0WcmwE
server_id
1330069443308683327

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1992	Rat.exe

C:\Users\Admin\AppData\Local\Temp\Rat.exe
"C:\Users\Admin\AppData\Local\Temp\Rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1992

memory/1992-0-0x00007FF8FE653000-0x00007FF8FE655000-memory.dmp

Filesize
8KB

Download
memory/1992-1-0x00000228313E0000-0x00000228313F8000-memory.dmp

Filesize
96KB

Download
memory/1992-2-0x000002284BA10000-0x000002284BBD2000-memory.dmp

Filesize
1.8MB

Download
memory/1992-3-0x00007FF8FE650000-0x00007FF8FF112000-memory.dmp

Filesize
10.8MB

Download
memory/1992-4-0x000002284C210000-0x000002284C738000-memory.dmp

Filesize
5.2MB

Download
memory/1992-5-0x00007FF8FE653000-0x00007FF8FE655000-memory.dmp

Filesize
8KB

Download
memory/1992-6-0x00007FF8FE650000-0x00007FF8FF112000-memory.dmp

Filesize
10.8MB

Download