discordrat | 0300fd4f30013254015adcfa071a76c238b89d0b5c0bb78edf1b3db4bb67ac59

Analysis

max time kernel
10s
max time network
3s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
31-01-2025 13:13

Target

Client-built.exe
Size

78KB
MD5

cac3ad4234efc39e0e9042c55d9f864c
SHA1

dc8ab47b9aa08d0fe7451f37bd65d17a614b949a
SHA256

0300fd4f30013254015adcfa071a76c238b89d0b5c0bb78edf1b3db4bb67ac59
SHA512

33920c4ca715e60f1d504d081670a44a21817acce93028f7fe33b096ffb1fe437a46241a6fe10c89276c9a652bf41d1f8701c63a3f3d2dfdd51ce4532f4b3dc4
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+PPIC:5Zv5PDwbjNrmAE+3IC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTMzNDg2ODQ0OTQ4MjI0ODI1NA.GqRuir.m1LgjbdeFUMKWpZprOQy-MTZpg_vlVOqClUMFo
server_id
1334873666978189427

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1700	Client-built.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1700

memory/1700-0-0x00007FFBDDB13000-0x00007FFBDDB15000-memory.dmp

Filesize
8KB

Download
memory/1700-1-0x000001BBA21E0000-0x000001BBA21F8000-memory.dmp

Filesize
96KB

Download
memory/1700-2-0x000001BBBC820000-0x000001BBBC9E2000-memory.dmp

Filesize
1.8MB

Download
memory/1700-3-0x00007FFBDDB10000-0x00007FFBDE5D2000-memory.dmp

Filesize
10.8MB

Download
memory/1700-4-0x000001BBBD020000-0x000001BBBD548000-memory.dmp

Filesize
5.2MB

Download
memory/1700-5-0x00007FFBDDB13000-0x00007FFBDDB15000-memory.dmp

Filesize
8KB

Download
memory/1700-6-0x00007FFBDDB10000-0x00007FFBDE5D2000-memory.dmp

Filesize
10.8MB

Download