General

  • Target

    aa.exe

  • Size

    114KB

  • Sample

    230112-q5d5qagb73

  • MD5

    7a4c9cf72195a9dde50225e94a678172

  • SHA1

    535054bd86760cc64b2750414e6e315068bc3912

  • SHA256

    6fa9194ea5cbd4ca364cb4f26057ee3634f9f10801830395cb7ea80603872db7

  • SHA512

    dd031245aeff25199c8eac585de8c22aad15373783eb3bbccccd3230b7c67966893a4f340a70f887b3ed6208dc9a423865fb7b1a46503485e8bb1268f9fca53f

  • SSDEEP

    3072:0gZApdYrD28fbJB2yLtyTIbjjxK3QdjrxivW+DXnH4vymbW1w:0/pe1J0IbXtrxivW+D34v8

Targets

    • Target

      aa.exe

    • VanillaRat

      VanillaRat is an advanced remote administration tool coded in C#.

    • Vanilla Rat payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
