discordrat | b180d7576e2bda6d34fddc8d46d3adaa407b09eafc51d91775c4ab1be584c03c

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-01-2025 19:48

Target

WzAio.exe
Size

343KB
MD5

de95907b1b7f19a112ba55e414b11528
SHA1

5480bda626776b487e9419e36a8a5ee5752d5f13
SHA256

b180d7576e2bda6d34fddc8d46d3adaa407b09eafc51d91775c4ab1be584c03c
SHA512

0c1b4f72e58439c399e2479e95d4bb45cd52bee7932ac559e12ed30ab86915c72ae54f58b14b5dc597eede6c79938269fc9de948d5cb6b9a0e2e4499e4d9e3a9
SSDEEP

6144:Qv5PDwbBrGInX/EUfvhYacccccqKUygN+4BbV9+lsDX86A3cYTWREXPWUjlaRp2s:Qv5MnvjH1C4wiDX893v6REXeUMP

Score

10^/10

Family

discordrat

Attributes

discord_token
MTMyMzI1ODg0Mzk3NDg2NDk4Ng.GZ06ew.muqC2L5A-Hr2cT2WYwTwCx671zJJMrtSI5VSD4
server_id
1323258690882502736

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 2224	3020	WzAio.exe	30
PID 3020 wrote to memory of 2224	3020	WzAio.exe	30
PID 3020 wrote to memory of 2224	3020	WzAio.exe	30

C:\Users\Admin\AppData\Local\Temp\WzAio.exe
"C:\Users\Admin\AppData\Local\Temp\WzAio.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3020 -s 604
  2⤵
  PID:2224

memory/3020-0-0x000007FEF57F3000-0x000007FEF57F4000-memory.dmp

Filesize
4KB

Download
memory/3020-1-0x000000013FBA0000-0x000000013FBFA000-memory.dmp

Filesize
360KB

Download
memory/3020-2-0x000007FEF57F0000-0x000007FEF61DC000-memory.dmp

Filesize
9.9MB

Download
memory/3020-3-0x000007FEF57F0000-0x000007FEF61DC000-memory.dmp

Filesize
9.9MB

Download