discordrat | a000d5b242c287ec8b1897e4e6dda734cc4615e2b7ff3a50440c753d78ce47bc

Analysis

max time kernel
101s
max time network
104s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
17/04/2025, 21:04

Target

Roblox executor.exe
Size

78KB
MD5

d4492c91b127b304f924edabe3213cec
SHA1

33569c0c910c1738873bea8cdb2652aa4335ac43
SHA256

f975182341f7800acdb358b504cf753c9bb54d9055b22e7a423ce04a7e583a98
SHA512

b25d18814f69098d70a9d6532f41b2e108821281aff4466a2b9e1bab533a13dd21a3cb168688a905425c19cfe5d3994d5bc14d6c7345ddb53c8c9ab7496948c2
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+fPIC:5Zv5PDwbjNrmAE+nIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTM2MjQ4NDQ3NDg1OTc1MzU3Mg.G6F0XN.VLF6L9woFXrcJqvnK2pSc21C4w5iXBv79eVBjs
server_id
1362170836378845274

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3152	Roblox executor.exe

C:\Users\Admin\AppData\Local\Temp\Roblox executor.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox executor.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3152

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5176

memory/3152-1-0x00007FFE1F133000-0x00007FFE1F135000-memory.dmp

Filesize
8KB

Download
memory/3152-0-0x000001D01FF50000-0x000001D01FF68000-memory.dmp

Filesize
96KB

Download
memory/3152-2-0x000001D03A660000-0x000001D03A822000-memory.dmp

Filesize
1.8MB

Download
memory/3152-3-0x00007FFE1F130000-0x00007FFE1FBF2000-memory.dmp

Filesize
10.8MB

Download
memory/3152-4-0x000001D03B860000-0x000001D03BD88000-memory.dmp

Filesize
5.2MB

Download
memory/3152-5-0x00007FFE1F130000-0x00007FFE1FBF2000-memory.dmp

Filesize
10.8MB

Download