discordrat | 5d3e32eb5ea91429a749c4028fe649b9df47de27724dd42a487158ba50df6481 | Triage

Resubmissions

27/02/2025, 03:34

250227-d4q2nsvjs2 10

27/02/2025, 01:17

250227-bnsjfszrt2 10

27/02/2025, 01:15

250227-bl91qay1gt 10

27/02/2025, 00:58

250227-bbtwrayybt 10

27/02/2025, 00:43

250227-a2zn9azkx8 10

27/02/2025, 00:37

250227-ayp1mszjy7 10

26/02/2025, 07:19

250226-h5we1axqy4 10

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/02/2025, 00:43

Sharing

Report Analysis Logs

General

Target

munchers macroo.exe
Size

78KB
MD5

71bdc150dbeefcfcd1b666c9d6720c2d
SHA1

40bf65f8f3f769c38742100d78c207ad8216da8a
SHA256

5d3e32eb5ea91429a749c4028fe649b9df47de27724dd42a487158ba50df6481
SHA512

eb9c4b5ec98b88ef5c1d9c0e3c5c6aa0a980bedbcc018acccb7744bf13efd7b63dad90ac66c760483aed548b3bdb84371c3827b6dad251616c47aa330c3f26ad
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+2PIC:5Zv5PDwbjNrmAE+yIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzOTM5OTY3NjM5ODY2OTg1NQ.Gck5a5.XicI5CumuIGSMUtR_XyzAV131atN3kWG3NL6tM
server_id
1339399951423115286

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2912	2648	munchers macroo.exe	30
PID 2648 wrote to memory of 2912	2648	munchers macroo.exe	30
PID 2648 wrote to memory of 2912	2648	munchers macroo.exe	30

C:\Users\Admin\AppData\Local\Temp\munchers macroo.exe
"C:\Users\Admin\AppData\Local\Temp\munchers macroo.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2648 -s 596
  2⤵
  PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2648-0-0x000007FEF57C3000-0x000007FEF57C4000-memory.dmp

Filesize
4KB

Download
memory/2648-1-0x000000013F420000-0x000000013F438000-memory.dmp

Filesize
96KB

Download
memory/2648-2-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

Filesize
9.9MB

Download
memory/2648-3-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

Filesize
9.9MB

Download