discordrat | ea0dfa0aa7c5442efd8b3cf0a553f83bbcdd5f64e9b96470f5e17d12edfdf945

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2025 20:03

Target

seba.exe
Size

78KB
MD5

9641d619bf8575e1b2d43ae2e4ca28bb
SHA1

e19700f8a645a513bf184146821b6b52676040f7
SHA256

ea0dfa0aa7c5442efd8b3cf0a553f83bbcdd5f64e9b96470f5e17d12edfdf945
SHA512

3d332a91a9c3f66df77101ae74465a41721f85551d6f675cdc049ed1017427887d163915655b07c555c0898d04229d82f207a69dff2f78694cfb5d73a8c0684d
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+pPIC:5Zv5PDwbjNrmAE+ZIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTMzMzE3NTA2MTQzOTQ0NzEwMQ.GF7IPf.28Nx_t4P-22zVkKEjaXGlf2UjTqkyWZJ-GTh8k
server_id
1333175340633423913

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1096	seba.exe

C:\Users\Admin\AppData\Local\Temp\seba.exe
"C:\Users\Admin\AppData\Local\Temp\seba.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1096

memory/1096-0-0x00007FFB28113000-0x00007FFB28115000-memory.dmp

Filesize
8KB

Download
memory/1096-1-0x000002046E810000-0x000002046E828000-memory.dmp

Filesize
96KB

Download
memory/1096-2-0x0000020470DD0000-0x0000020470F92000-memory.dmp

Filesize
1.8MB

Download
memory/1096-3-0x00007FFB28110000-0x00007FFB28BD1000-memory.dmp

Filesize
10.8MB

Download
memory/1096-4-0x00000204715D0000-0x0000020471AF8000-memory.dmp

Filesize
5.2MB

Download
memory/1096-5-0x00007FFB28110000-0x00007FFB28BD1000-memory.dmp

Filesize
10.8MB

Download