Overview

overview

10

Static

static

10

Test (2).exe

windows7-x64

10

Test (2).exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    11-02-2025 01:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Test (2).exe

  • Size

    78KB

  • MD5

    d5d379d82e48b20012571e109afdcabc

  • SHA1

    81814e7e9624c129ada04f564161e34bfca79ed0

  • SHA256

    0415f51718785e94b0a46e07726ff0365edd39346b7dec102fcc18066c1e960f

  • SHA512

    df3cf445bf4a60021ed10aea72d8ae65ab80504838604c454a28abebe97793139a724da3f38eb1d766592e1940de11c9906c8db258a7231d8287d201e762b7c3

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+bPIC:5Zv5PDwbjNrmAE+TIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMzODEzMzAzMTI4MTQ5NjA3NQ.G-IWXr.t4kQYshfGCbgomBNDLaukslw-0UVk9bttQIQAU

  • server_id

    1012892095574454333

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Test (2).exe
    "C:\Users\Admin\AppData\Local\Temp\Test (2).exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2776 -s 604
      2⤵
        PID:2876
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:3064

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2776-0-0x000007FEF6503000-0x000007FEF6504000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2776-1-0x000000013FFC0000-0x000000013FFD8000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2776-2-0x000007FEF6500000-0x000007FEF6EEC000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2776-3-0x000007FEF6500000-0x000007FEF6EEC000-memory.dmp

        Filesize

        9.9MB

        Download