discordrat | 5a23b54943959e05cf195c9936d1016eeb264d7679bb802fe9ffd79e9bbfd7f3 | Triage

Analysis

max time kernel
74s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
30-01-2025 06:03

Sharing

Report Analysis Logs

General

Target

passwords.exe
Size

78KB
MD5

513ecef8b9161f44f6d822a85d18734c
SHA1

8e8795f80d2c7db261c3c7457b4f06fb86266af4
SHA256

5a23b54943959e05cf195c9936d1016eeb264d7679bb802fe9ffd79e9bbfd7f3
SHA512

1f891e184af63c8f17a12c100060ce1abcc2208c1c928287a55489d35708d91c19bc7fea03e0098e659b3db3f6de3ede0f51e1794bfbff383243cb2a8a28b345
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+gPIC:5Zv5PDwbjNrmAE+EIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzMzk4NzY2MTExMDU3NTEzNA.GBxxcG.hCxvPKnNhuDVqFwQAGcXXL8xZHa8nfwbs3kxmk
server_id
1334397739173281835

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2164	1736	passwords.exe	30
PID 1736 wrote to memory of 2164	1736	passwords.exe	30
PID 1736 wrote to memory of 2164	1736	passwords.exe	30

C:\Users\Admin\AppData\Local\Temp\passwords.exe
"C:\Users\Admin\AppData\Local\Temp\passwords.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1736 -s 600
  2⤵
  PID:2164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1736-0-0x000007FEF5A63000-0x000007FEF5A64000-memory.dmp

Filesize
4KB

Download
memory/1736-1-0x000000013F200000-0x000000013F218000-memory.dmp

Filesize
96KB

Download
memory/1736-2-0x000007FEF5A60000-0x000007FEF644C000-memory.dmp

Filesize
9.9MB

Download
memory/1736-3-0x000007FEF5A60000-0x000007FEF644C000-memory.dmp

Filesize
9.9MB

Download