discordrat | 7c0127c40d17b41439d727c9b269d82f029403641ae0184460e1e7a885c79612

Analysis

max time kernel
10s
max time network
16s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2025 10:48

Target

Client-built.exe
Size

78KB
MD5

85b06cee19087bd0f3ea210c24da1539
SHA1

3b2fbb782ebf59523a9585ccf21f776346c7b9a7
SHA256

7c0127c40d17b41439d727c9b269d82f029403641ae0184460e1e7a885c79612
SHA512

a0f9a91553902664dc39d205aa19cec492f37ba685edf5760733a6e3aba8003fb6b5d68a73cd36f5eed29cb73da9ffc90cebbed5675326217b58fb8d66e672ab
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+nPIC:5Zv5PDwbjNrmAE+PIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTM0MjgwMDMyMDQ3NTk1NTI3MQ.GuDciq.qAm2IRLDYzYzxeG6k03LOIdpfI5OSPydofzRUk
server_id
1341023797532164179

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3972	Client-built.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3972

memory/3972-1-0x00007FFE2C583000-0x00007FFE2C585000-memory.dmp

Filesize
8KB

Download
memory/3972-0-0x00000153C5D90000-0x00000153C5DA8000-memory.dmp

Filesize
96KB

Download
memory/3972-2-0x00000153E04D0000-0x00000153E0692000-memory.dmp

Filesize
1.8MB

Download
memory/3972-3-0x00007FFE2C580000-0x00007FFE2D041000-memory.dmp

Filesize
10.8MB

Download
memory/3972-4-0x00000153E0CD0000-0x00000153E11F8000-memory.dmp

Filesize
5.2MB

Download
memory/3972-5-0x00007FFE2C580000-0x00007FFE2D041000-memory.dmp

Filesize
10.8MB

Download