discordrat | 626e6153f10d409de5613c0dac0d58681bad4aafed01bf8e9ac94a78ab35f8ee | Triage

Analysis

max time kernel
2s
max time network
0s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-02-2025 12:26

Sharing

Report Analysis Logs

General

Target

AZURA OFFICIIAL BP.exe
Size

78KB
MD5

a9078ffe9cf3f366ef0e9d092173d9b9
SHA1

36fcbbe1e918f77db29d54121b494fb33c7766f0
SHA256

626e6153f10d409de5613c0dac0d58681bad4aafed01bf8e9ac94a78ab35f8ee
SHA512

cabd1c47b7f4bafd92936c5798eea7625a040c34acb246442829c02ed2ffd14ae301e6f2a88ce086daa295fec64bbb0f8664b0b7aba32e33d1b15c7bbb879ef6
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+OPIC:5Zv5PDwbjNrmAE+qIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyMjU0MjgxMTk5NTcwMTMxOQ.Gko2XY._Lh2H9SXyYfR1r5qCapZNtXnbol5E7lsAn4DZI
server_id
1322543810483589232

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 2088	1800	AZURA OFFICIIAL BP.exe	31
PID 1800 wrote to memory of 2088	1800	AZURA OFFICIIAL BP.exe	31
PID 1800 wrote to memory of 2088	1800	AZURA OFFICIIAL BP.exe	31

C:\Users\Admin\AppData\Local\Temp\AZURA OFFICIIAL BP.exe
"C:\Users\Admin\AppData\Local\Temp\AZURA OFFICIIAL BP.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1800 -s 596
  2⤵
  PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1800-0-0x000007FEF5413000-0x000007FEF5414000-memory.dmp

Filesize
4KB

Download
memory/1800-1-0x000000013FFD0000-0x000000013FFE8000-memory.dmp

Filesize
96KB

Download
memory/1800-2-0x000007FEF5410000-0x000007FEF5DFC000-memory.dmp

Filesize
9.9MB

Download
memory/1800-3-0x000007FEF5410000-0x000007FEF5DFC000-memory.dmp

Filesize
9.9MB

Download