Overview

overview

10

Static

static

10

Client-built.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-02-2025 19:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    0fc964575cd07a1c00e66c94762402fd

  • SHA1

    e026ec9a7119727d8b83d6b6ebf7cd06e0d96731

  • SHA256

    90f2dd89dad39a3110f18b1c8591a06eac2875b3f43e0734e6ba73f0f4e3aa14

  • SHA512

    fef7c4a0e951504e57ce4fbf56969397522c4e2f02aef2a2b8df52c57cdc3430c72c4e1e018846f747935e398f07169ccbf43f758c8926ebffb1139644092245

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+vPIC:5Zv5PDwbjNrmAE+XIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTM0MzI5MTg0NjcwODY5NTA3MA.G_02fI._RLTy2KgbXmcxr7rvgPp3aA-4GogTzAvo9PiU8

  • server_id

    1342636455557861420

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3932
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1044

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1044-17-0x000002855B450000-0x000002855B451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-7-0x000002855B450000-0x000002855B451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-9-0x000002855B450000-0x000002855B451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-13-0x000002855B450000-0x000002855B451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-8-0x000002855B450000-0x000002855B451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-14-0x000002855B450000-0x000002855B451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-15-0x000002855B450000-0x000002855B451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-19-0x000002855B450000-0x000002855B451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-16-0x000002855B450000-0x000002855B451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-18-0x000002855B450000-0x000002855B451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3932-5-0x00007FFB23193000-0x00007FFB23195000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3932-4-0x00000284EE220000-0x00000284EE748000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3932-0-0x00007FFB23193000-0x00007FFB23195000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3932-2-0x00000284EDA20000-0x00000284EDBE2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3932-6-0x00007FFB23190000-0x00007FFB23C51000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3932-1-0x00000284D3390000-0x00000284D33A8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3932-3-0x00007FFB23190000-0x00007FFB23C51000-memory.dmp

    Filesize

    10.8MB

    Download