32b66d41708ba38161f408c944991e66bdfb4d88774ca6daeec83c9c7ee86f64

Analysis

max time kernel
434s
max time network
435s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
21-02-2025 17:16

Target

Discord-RAT-2.0
Size

261KB
MD5

fa08d11abaf118ad6902743f52db6f8d
SHA1

3661b96c01bd5fcd33c3f2489b5bdb95cdb8222c
SHA256

32b66d41708ba38161f408c944991e66bdfb4d88774ca6daeec83c9c7ee86f64
SHA512

74f1ab2a8f3db11530f710c1293c1e1e34a9a1e8e7726fb790a3848ed3c14255a28d1437cd704665073b23e4814545b543a166a252bc9e0397fbceb919af1024
SSDEEP

6144:ypNLlpOL/saqkPV9FH2LqgIDSsmwf9cvZJT3CqbMrhryf65NRPaCieMjAkvCJv1o:0NLlpOL/saqkPV9FH2LqgIDSsmwf9cvn

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-580533235-1933962784-2718464258-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-580533235-1933962784-2718464258-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4380	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Discord-RAT-2.0
1⤵
- Modifies registry class
PID:3128

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact