discordrat | b9e94e44768a73aacf68786118d898dfb3f2c7223737b2a41ea3aa3f1debcabd

Analysis

max time kernel
102s
max time network
105s
platform
windows11-21h2_x64
resource
win11-20250411-en
resource tags

arch:x64arch:x86image:win11-20250411-enlocale:en-usos:windows11-21h2-x64system
submitted
17/04/2025, 13:10

Target

Discordrat.exe
Size

78KB
MD5

2d1d18365fe1c507b677de17323f08b1
SHA1

83418952aa584c29309853280db5b64dcc812535
SHA256

b9e94e44768a73aacf68786118d898dfb3f2c7223737b2a41ea3aa3f1debcabd
SHA512

db14d84fb1267ccd6d9b0de68e9faebb10841728300cea831b297f710084962292c6786a2a4c0ec00c1f921169d5a032675d048c6dd5ca2c8055e07bb2d26f1f
SSDEEP

1536:58+ycDpi6qczE62Ti0F6/076q5lS7pHacGiNPAQHVhampStsuGanHrRY7fg0pUDu:5jycDpi6qczE62TxF6/076q5lS7pHacn

Score

10^/10

Family

discordrat

Attributes

discord_token
MTM2MjQwNzY0NzA1MTI1MTc3Mg.G-bYfp.u0DPoJkBL0aIvMvFjYtsKR8zIUixwvPB4WsTYg
server_id
1351601990072795178

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3788	Discordrat.exe

C:\Users\Admin\AppData\Local\Temp\Discordrat.exe
"C:\Users\Admin\AppData\Local\Temp\Discordrat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3788

memory/3788-0-0x00007FF882093000-0x00007FF882095000-memory.dmp

Filesize
8KB

Download
memory/3788-1-0x000001F72E670000-0x000001F72E688000-memory.dmp

Filesize
96KB

Download
memory/3788-2-0x000001F748DA0000-0x000001F748F62000-memory.dmp

Filesize
1.8MB

Download
memory/3788-3-0x00007FF882090000-0x00007FF882B52000-memory.dmp

Filesize
10.8MB

Download
memory/3788-4-0x000001F74A070000-0x000001F74A598000-memory.dmp

Filesize
5.2MB

Download
memory/3788-5-0x00007FF882093000-0x00007FF882095000-memory.dmp

Filesize
8KB

Download
memory/3788-6-0x00007FF882090000-0x00007FF882B52000-memory.dmp

Filesize
10.8MB

Download