Overview

overview

10

Static

static

10

RIP_YOUR_PC_LOL.exe

windows7_x64

10

RIP_YOUR_PC_LOL.exe

windows10_x64

1

RIP_YOUR_PC_LOL.exe

windows10-2004_x64

1

RIP_YOUR_PC_LOL.exe

windows11_x64

Resubmissions

15-03-2022 08:40

220315-klcjwshbh7 10

11-03-2022 16:17

220311-trnzjsdcar 10

11-03-2022 15:27

220311-sv8yfsdbam 10

09-03-2022 15:19

220309-sp9ykacfan 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RIP_YOUR_PC_LOL.exe

  • Size

    22.5MB

  • Sample

    220315-klcjwshbh7

  • MD5

    52867174362410d63215d78e708103ea

  • SHA1

    7ae4e1048e4463a4201bdeaf224c5b6face681bf

  • SHA256

    37d8e1ce3b6e6488942717aa78cb54785edc985143bcc8d9ba9f42d73a3dbd7a

  • SHA512

    89e17e147d3f073e479e85d0b0321f6264bbc2aa84c930ed645e8f5cde3f1e58812c3db1ba0f10bee6ce7ac0731e1e3de6747a9b3c4d63a564dd8d904bd726ab

Score
10/10
asyncratfickerstealerhawkeyenanocorenjratpurplefoxinfostealerkeyloggerpersistenceratrootkitspywarestealertrojanupx

Malware Config

Extracted

Family

fickerstealer

C2

80.87.192.115:80

Targets

    • Target

      RIP_YOUR_PC_LOL.exe

    • Size

      22.5MB

    • MD5

      52867174362410d63215d78e708103ea

    • SHA1

      7ae4e1048e4463a4201bdeaf224c5b6face681bf

    • SHA256

      37d8e1ce3b6e6488942717aa78cb54785edc985143bcc8d9ba9f42d73a3dbd7a

    • SHA512

      89e17e147d3f073e479e85d0b0321f6264bbc2aa84c930ed645e8f5cde3f1e58812c3db1ba0f10bee6ce7ac0731e1e3de6747a9b3c4d63a564dd8d904bd726ab

    Score
    10/10
    asyncratfickerstealerhawkeyenanocorenjratpurplefoxinfostealerkeyloggerpersistenceratrootkitspywarestealertrojanupx

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

      rootkit

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

      infostealerfickerstealer

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

      keyloggertrojanstealerspywarehawkeye

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

      rootkittrojanpurplefox

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Async RAT payload

      rat

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Sets DLL path for service in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Scripting

1
T1064

Credential Access

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks