discordrat | d8c89492ce546f9f8c93f32d8f588f24430ed1474cf94c829a357d6831134941

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-02-2025 21:29

Target

VMAX Natural Spoofer.exe
Size

78KB
MD5

11fc8fd9abe3d177bf97cc3021c9c70f
SHA1

126706c0ef6087941fa3f6060d9a9ac87ff3a69e
SHA256

d8c89492ce546f9f8c93f32d8f588f24430ed1474cf94c829a357d6831134941
SHA512

56f0126608630f3bcf8ef3693d6caa41fb85b71fe7be0ba23fd8e88839b253d1cf5ffb699bc1e7b6987fa9d126f96e8034109558a1e466913abc0f054c5422ce
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+kPIC:5Zv5PDwbjNrmAE+4IC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTM0MTUxOTI2Mzg4NTgyNDA3Mw.GIMjzQ.3ahVrwPiBDUOavG7cggk_eoN4_TXLFf-saRC04
server_id
1341518669251088486

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2548	2372	VMAX Natural Spoofer.exe	30
PID 2372 wrote to memory of 2548	2372	VMAX Natural Spoofer.exe	30
PID 2372 wrote to memory of 2548	2372	VMAX Natural Spoofer.exe	30

C:\Users\Admin\AppData\Local\Temp\VMAX Natural Spoofer.exe
"C:\Users\Admin\AppData\Local\Temp\VMAX Natural Spoofer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2372 -s 596
  2⤵
  PID:2548

memory/2372-0-0x000007FEF5BA3000-0x000007FEF5BA4000-memory.dmp

Filesize
4KB

Download
memory/2372-1-0x000000013FC50000-0x000000013FC68000-memory.dmp

Filesize
96KB

Download
memory/2372-2-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

Filesize
9.9MB

Download
memory/2372-3-0x000007FEF5BA3000-0x000007FEF5BA4000-memory.dmp

Filesize
4KB

Download
memory/2372-4-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

Filesize
9.9MB

Download