discordrat | 89c2ac866812a8dbfce799b0fa61e839b434e995b5745d6a7aa8c59742b62aca

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2025, 21:29

Target

FPS-BOOSTER.exe
Size

78KB
MD5

3c032b4116006c30b893b7a8b8e08b75
SHA1

7584ed01df281485a17123ee23377a71048f73ef
SHA256

89c2ac866812a8dbfce799b0fa61e839b434e995b5745d6a7aa8c59742b62aca
SHA512

5b255826c9f0e99e2a35a883736d2d6155f54295c624c7e944d8ebd987fa5951a0db0e6c973ec67fbc79d37788e6da3f5eb284924693705578a1fa759e815d32
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V++TPIC:5Zv5PDwbjNrmAE+OIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTM0Mjg2NjEwMzc1MTI4MjgwOQ.GG_lrZ.-z0UM5O7WblS0KobrxK8naZ8No2obDw3c_CTm4
server_id
1320021398919319632

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3628	FPS-BOOSTER.exe

C:\Users\Admin\AppData\Local\Temp\FPS-BOOSTER.exe
"C:\Users\Admin\AppData\Local\Temp\FPS-BOOSTER.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3628

memory/3628-0-0x00007FFE64353000-0x00007FFE64355000-memory.dmp

Filesize
8KB

Download
memory/3628-1-0x000001377C310000-0x000001377C328000-memory.dmp

Filesize
96KB

Download
memory/3628-2-0x000001377EA30000-0x000001377EBF2000-memory.dmp

Filesize
1.8MB

Download
memory/3628-3-0x00007FFE64350000-0x00007FFE64E11000-memory.dmp

Filesize
10.8MB

Download
memory/3628-4-0x000001377F130000-0x000001377F658000-memory.dmp

Filesize
5.2MB

Download
memory/3628-5-0x00007FFE64353000-0x00007FFE64355000-memory.dmp

Filesize
8KB

Download
memory/3628-6-0x00007FFE64350000-0x00007FFE64E11000-memory.dmp

Filesize
10.8MB

Download