Overview

overview

10

Static

static

10

Client-built.exe

windows7-x64

10

Client-built.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    125s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2025, 22:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    6ab9c1eda7daf07dca994f5f6394d33a

  • SHA1

    0f3e3275c7738c28650233cfdefd58a75bc3148b

  • SHA256

    45f4ce529bfdf2ea1d1fc70f5a2737a9d2977172930c5570c56e9dbc44b6b391

  • SHA512

    e65f8611364cc2fb93f4d55828be33251bf150448eea073c8437396e4d22ea58c47c1f46a03742d063a8e0aa59f6454eaf9c20c76057811dd4506be4e9dc4c18

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+APIC:5Zv5PDwbjNrmAE+kIC

Score
10/10
discordratpersistenceratrootkitspywarestealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMwMTU4MzM1NDcxNzY2NzQxOQ.GE07zS.Z10SUgnyFbaVbeOcOiJUNXKaDOhU6MKfgqOx8Q

  • server_id

    1335294781940830239

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Downloads MZ/PE file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Downloads MZ/PE file
    • Suspicious use of AdjustPrivilegeToken
    PID:5492
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x404 0x498
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_00ECB411650340E7B0BD34B1A5B6D6EF.dat
    Filesize

    940B

    MD5

    94a6a7a5feb0452e71bd4468c576e3a1

    SHA1

    64c6e16e83c8bb8ab761c19ab777de7ed6a72031

    SHA256

    98a40b2c153cec4e050cf54fde59a74aed4bd39da83682f7618c02cdba852898

    SHA512

    06404c1a98d262f124e520e33fe75f666b4673bdc40c14e6002fd91a53d49c2d9ba95c87d1a496d2edac8f78a148bf044de32fdfda19b928d7fb6197557c5629

    Download Submit

  • memory/5492-3-0x00007FF982490000-0x00007FF982F51000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5492-2-0x000001D09EF80000-0x000001D09F142000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/5492-0-0x000001D0849E0000-0x000001D0849F8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/5492-4-0x000001D09F880000-0x000001D09FDA8000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/5492-5-0x00007FF982493000-0x00007FF982495000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5492-6-0x00007FF982490000-0x00007FF982F51000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5492-7-0x000001D09F350000-0x000001D09F3FA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/5492-11-0x00007FF982490000-0x00007FF982F51000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5492-1-0x00007FF982493000-0x00007FF982495000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5492-14-0x00007FF982490000-0x00007FF982F51000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5492-15-0x000001D0A0230000-0x000001D0A02A6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/5492-16-0x000001D09F320000-0x000001D09F332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/5492-17-0x000001D09F660000-0x000001D09F67E000-memory.dmp

    Filesize

    120KB

    Download