Overview

overview

10

Static

static

10

ba380964a0...5c.exe

windows7_x64

10

ba380964a0...5c.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    171s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    25-05-2022 01:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba380964a0905d9c84431100df8ed63f4f11c5e36a859d9c89e98fa5c75c2c5c.exe

  • Size

    118KB

  • MD5

    994b2e4e67a5c00676c603f7d5846a1d

  • SHA1

    7977e2480736dcb8b2612054839ef8ac29b2bc9d

  • SHA256

    ba380964a0905d9c84431100df8ed63f4f11c5e36a859d9c89e98fa5c75c2c5c

  • SHA512

    7ace1c3b68d1fe0875e5fcbe5b378d1975a4ac4305ec62b8366af72e858251ab7dba0d28d18d818d2f7f349b28d4594a49903a6699c70a64662f1f4d6267f993

Score
10/10
vanillaratpersistencerat

Malware Config

Signatures

  • VanillaRat

    VanillaRat is an advanced remote administration tool coded in C#.

    ratvanillarat
  • Vanilla Rat Payload 1 IoCs
    rat
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba380964a0905d9c84431100df8ed63f4f11c5e36a859d9c89e98fa5c75c2c5c.exe
    "C:\Users\Admin\AppData\Local\Temp\ba380964a0905d9c84431100df8ed63f4f11c5e36a859d9c89e98fa5c75c2c5c.exe"
    1⤵
    • Adds Run key to start application
    PID:800

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/800-54-0x0000000000E80000-0x0000000000EA4000-memory.dmp
    Filesize

    144KB

    Download
  • memory/800-55-0x00000000765F1000-0x00000000765F3000-memory.dmp
    Filesize

    8KB

    Download