discordrat | 4c9ea2510db5a128cc9eb6e589ef82a026f4c319c38843ac42644c14732d5c28 | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-02-2025 20:04

Sharing

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

4fd26993b79ef2139a15e7eb49e3d13d
SHA1

aaf2f236c20b7231ef675bee1d4001dba217dc1b
SHA256

4c9ea2510db5a128cc9eb6e589ef82a026f4c319c38843ac42644c14732d5c28
SHA512

497fdf01f94bbd033c6c27d73b994fb12f24a5c0b767736355569ae216b123e4fa2123e8389940e3495d8f2bcc2510f6ec62e756559905a238ba6b3a8d34255a
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+xPIC:5Zv5PDwbjNrmAE+hIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzOTMyNDk1NDU0MTU1NTgxNA.Gs8FBT.MiEvMyM9NS2w2NGkXFjjCHXwHSMlStvjlqOb-Q
server_id
1339324858856636447

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2796	2996	Client-built.exe	30
PID 2996 wrote to memory of 2796	2996	Client-built.exe	30
PID 2996 wrote to memory of 2796	2996	Client-built.exe	30

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2996 -s 596
  2⤵
  PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2996-0-0x000007FEF4EC3000-0x000007FEF4EC4000-memory.dmp

Filesize
4KB

Download
memory/2996-1-0x000000013F4D0000-0x000000013F4E8000-memory.dmp

Filesize
96KB

Download
memory/2996-2-0x000007FEF4EC0000-0x000007FEF58AC000-memory.dmp

Filesize
9.9MB

Download
memory/2996-3-0x000007FEF4EC0000-0x000007FEF58AC000-memory.dmp

Filesize
9.9MB

Download