discordrat | 7728affef21fc8c547a2646849a8e462d1217d6e85d4578a23ed71db7b77d467 | Triage

Analysis

max time kernel
839s
max time network
840s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-02-2025 19:27

Sharing

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

78KB
MD5

0333cbd175b140dbd2e1f40da264c47e
SHA1

3d5652f50a57aea4c61942a6857a29556d349b24
SHA256

7728affef21fc8c547a2646849a8e462d1217d6e85d4578a23ed71db7b77d467
SHA512

60b64f020a9b013ef642576ad29f1caf363b0be7679bc1b64ec70a2d88abfbffd64523c6d84b0be7c739318dd85e3de1f0dec26de14f203c51879b22e3dc4e6b
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+GPIC:5Zv5PDwbjNrmAE+iIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM0MDAzOTE0NDU4NzY2MTQ1OQ.G0CIRd.IdjzlDfdFrEFamtcSN6jYxt5znz8nrXxghsww8
server_id
1340039546653380752

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2088	2396	Bootstrapper.exe	30
PID 2396 wrote to memory of 2088	2396	Bootstrapper.exe	30
PID 2396 wrote to memory of 2088	2396	Bootstrapper.exe	30

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2396 -s 596
  2⤵
  PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2396-0-0x000007FEF5AC3000-0x000007FEF5AC4000-memory.dmp

Filesize
4KB

Download
memory/2396-1-0x000000013F930000-0x000000013F948000-memory.dmp

Filesize
96KB

Download
memory/2396-2-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

Filesize
9.9MB

Download
memory/2396-3-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

Filesize
9.9MB

Download