vanillarat | 3c94526aebbd26379525871418cb3121f87f5a3511274a3bed9d5d0570509f40 | Triage

Submit
Reports

Overview

overview

Static

static

Bat_To_Exe...er.exe

windows7-x64

Sharing

General

Target

Bat_To_Exe_Converter.exe
Size

267KB
Sample

230710-veaf3acb29
MD5

286567d99f950717e9391f472d030218
SHA1

880ab32fbcdc20a0a21b5c2370c201b37096d1a3
SHA256

3c94526aebbd26379525871418cb3121f87f5a3511274a3bed9d5d0570509f40
SHA512

bf939b46e0e1bdddb360b5afdad7dfd979f5c2382423029eda7a484d9831c62f63687e6e136306509091f7e06d6e7d36cc482851dd4d55b83d5b5b6209d816db
SSDEEP

6144:XJZKBI0RyYeY4eoiJ+sCFvvKd/LZZ3Ru79kkkkkkkkkkkkkkkkskkkkkkkkkkkkq:OyYrZos+xFvERupkkkkkkkkkkkkkkkkZ

Score

10^/10

vanillarat persistence ransomware rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Bat_To_Exe_Converter.exe

Resource

win7-20230705-en

vanillarat persistence ransomware rat

windows7-x64

10 signatures

300 seconds

Malware Config

Targets

- Target
  
  Bat_To_Exe_Converter.exe
- Size
  
  267KB
- MD5
  
  286567d99f950717e9391f472d030218
- SHA1
  
  880ab32fbcdc20a0a21b5c2370c201b37096d1a3
- SHA256
  
  3c94526aebbd26379525871418cb3121f87f5a3511274a3bed9d5d0570509f40
- SHA512
  
  bf939b46e0e1bdddb360b5afdad7dfd979f5c2382423029eda7a484d9831c62f63687e6e136306509091f7e06d6e7d36cc482851dd4d55b83d5b5b6209d816db
- SSDEEP
  
  6144:XJZKBI0RyYeY4eoiJ+sCFvvKd/LZZ3Ru79kkkkkkkkkkkkkkkkskkkkkkkkkkkkq:OyYrZos+xFvERupkkkkkkkkkkkkkkkkZ
Score

10^/10

vanillarat persistence ransomware rat
- VanillaRat
  VanillaRat is an advanced remote administration tool coded in C#.
  rat vanillarat
- Vanilla Rat payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

vanillaratpersistenceransomwarerat

© 2018-2024

Terms | Privacy