General
-
Target
SecuriteInfo.com.BackDoor.Rat.281.18292.12946
-
Size
1.4MB
-
Sample
210615-n162cadl7e
-
MD5
793707365df26450bc8642f518a540f0
-
SHA1
66649127ad784288c393992971a197c10f86a8eb
-
SHA256
7131d78da58eb6b54db8466e0c09d7173da6f05c5615841a73dc6a032648a217
-
SHA512
550374f2b3963e99bbfa445236e2921d288e67e00b4425a3bfedba0b72bd2fe6027af484c8f7e143471e16738dd9f129c91e467e157e29a911f1ad44d2775695
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.BackDoor.Rat.281.18292.12946.exe
Resource
win7v20210410
Malware Config
Targets
-
-
Target
SecuriteInfo.com.BackDoor.Rat.281.18292.12946
-
Size
1.4MB
-
MD5
793707365df26450bc8642f518a540f0
-
SHA1
66649127ad784288c393992971a197c10f86a8eb
-
SHA256
7131d78da58eb6b54db8466e0c09d7173da6f05c5615841a73dc6a032648a217
-
SHA512
550374f2b3963e99bbfa445236e2921d288e67e00b4425a3bfedba0b72bd2fe6027af484c8f7e143471e16738dd9f129c91e467e157e29a911f1ad44d2775695
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-