Analysis
-
max time kernel
1747s -
max time network
1757s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system -
submitted
30-06-2024 18:14
Behavioral task
behavioral1
Sample
Discord rat.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
Discord rat.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
Discord rat.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral4
Sample
Discord rat.exe
Resource
win11-20240508-en
General
-
Target
Discord rat.exe
-
Size
79KB
-
MD5
4a825505953f3f758e1da9bab73df39e
-
SHA1
ee7226735ea2d358d8628e037f35d38fc799ef50
-
SHA256
5436af4185d5c05d8ec07213f940cb8a3506fa9a0621b45ebf38583e37165977
-
SHA512
43120fc749ee67d7b8371aa921ee9a7b3769cbc63db06c0dd5cadfa7a83aeeb51e3a54ac4e8c0738cc58b22bcef0d8c5198b753626955371823d11a54d0d12a9
-
SSDEEP
1536:UeycDpiiSoH8ovTpPFl+ktd2+6CHpHKcGiNPAeN+cvy1kml4KSYHbC/EuYDbbqik:rycDpiiSoH8ovTpFl+ktd2+6CHpHKcGw
Malware Config
Extracted
discordrat
-
discord_token
MTI1Njk1OTk3MzkyMjA1MDA0OA.GGLfYW.bDrMZAIyeTVgyJMSqQFO2gDeB0CtQKGKri6ACU
-
server_id
1256666099580403734
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
Discord rat.exedescription pid process Token: SeDebugPrivilege 2936 Discord rat.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2936-0-0x000002D4ED950000-0x000002D4ED968000-memory.dmpFilesize
96KB
-
memory/2936-1-0x00007FFF21033000-0x00007FFF21035000-memory.dmpFilesize
8KB
-
memory/2936-2-0x000002D4F0050000-0x000002D4F0212000-memory.dmpFilesize
1.8MB
-
memory/2936-3-0x00007FFF21030000-0x00007FFF21AF2000-memory.dmpFilesize
10.8MB
-
memory/2936-4-0x00007FFF21030000-0x00007FFF21AF2000-memory.dmpFilesize
10.8MB