discordrat | 3cfecdb8353318f5b7939ee04f4c53568d1538f47b7d2e380ea2260f8d3759c8

Analysis

max time kernel
121s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2025 15:25

Target

Client-built.exe
Size

78KB
MD5

f8d2d076628b54000aa24acf26cb1c10
SHA1

144d46d805732f17740747ea036eaf57086ce941
SHA256

3cfecdb8353318f5b7939ee04f4c53568d1538f47b7d2e380ea2260f8d3759c8
SHA512

e06c02d1edbbcc5cfea3a360e5c5480a970d157f53bdd1449f8fe000a3e2f32f047a08864c6cb51796ef4df4c155d7cd1f5a66a756a4df9d93267517eee4845c
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+IPIC:5Zv5PDwbjNrmAE+MIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTM0MTc4ODM2MzYyNzI5ODkyNw.GuQPad.VzcPaQaI5AHXhw2BV8WXxQ9L8CBKmn0S4XjEEs
server_id
1341458677420392498

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4896	Client-built.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4896

memory/4896-0-0x00007FFEB4993000-0x00007FFEB4995000-memory.dmp

Filesize
8KB

Download
memory/4896-1-0x000002A8F68C0000-0x000002A8F68D8000-memory.dmp

Filesize
96KB

Download
memory/4896-2-0x000002A8F8FC0000-0x000002A8F9182000-memory.dmp

Filesize
1.8MB

Download
memory/4896-3-0x00007FFEB4990000-0x00007FFEB5451000-memory.dmp

Filesize
10.8MB

Download
memory/4896-4-0x000002A8F9800000-0x000002A8F9D28000-memory.dmp

Filesize
5.2MB

Download
memory/4896-5-0x00007FFEB4993000-0x00007FFEB4995000-memory.dmp

Filesize
8KB

Download
memory/4896-6-0x00007FFEB4990000-0x00007FFEB5451000-memory.dmp

Filesize
10.8MB

Download