discordrat | b180d7576e2bda6d34fddc8d46d3adaa407b09eafc51d91775c4ab1be584c03c

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/01/2025, 10:12

Target

WzAio.exe
Size

343KB
MD5

de95907b1b7f19a112ba55e414b11528
SHA1

5480bda626776b487e9419e36a8a5ee5752d5f13
SHA256

b180d7576e2bda6d34fddc8d46d3adaa407b09eafc51d91775c4ab1be584c03c
SHA512

0c1b4f72e58439c399e2479e95d4bb45cd52bee7932ac559e12ed30ab86915c72ae54f58b14b5dc597eede6c79938269fc9de948d5cb6b9a0e2e4499e4d9e3a9
SSDEEP

6144:Qv5PDwbBrGInX/EUfvhYacccccqKUygN+4BbV9+lsDX86A3cYTWREXPWUjlaRp2s:Qv5MnvjH1C4wiDX893v6REXeUMP

Score

10^/10

Family

discordrat

Attributes

discord_token
MTMyMzI1ODg0Mzk3NDg2NDk4Ng.GZ06ew.muqC2L5A-Hr2cT2WYwTwCx671zJJMrtSI5VSD4
server_id
1323258690882502736

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 2128	1880	WzAio.exe	31
PID 1880 wrote to memory of 2128	1880	WzAio.exe	31
PID 1880 wrote to memory of 2128	1880	WzAio.exe	31

C:\Users\Admin\AppData\Local\Temp\WzAio.exe
"C:\Users\Admin\AppData\Local\Temp\WzAio.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1880 -s 596
  2⤵
  PID:2128

memory/1880-0-0x000007FEF55E3000-0x000007FEF55E4000-memory.dmp

Filesize
4KB

Download
memory/1880-1-0x000000013F140000-0x000000013F19A000-memory.dmp

Filesize
360KB

Download
memory/1880-2-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

Filesize
9.9MB

Download
memory/1880-3-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

Filesize
9.9MB

Download