General
-
Target
TeamViewer_Setup.exe
-
Size
167KB
-
Sample
230717-m37sgacb3y
-
MD5
2240642fb1ec17326aba4bc86afecb30
-
SHA1
2601fb7ed63861ad837bc0b9a283f1230a295fb8
-
SHA256
203b9d7b8796ea071beb263723991d57a40b25b77d0cbd2e4bd8dff62601331e
-
SHA512
59f7a81a7db22c635a4c20baacf94c174f344762bff66bd2012b9ebf4012c6c4320c479340b34bd0f56d6a4acdc415d862468f909462f7113333a5c7a26ae0e3
-
SSDEEP
3072:SJZKnPE2YyJzELtyTtyYeY8lNgoiJ+sX8HFvytb4NQhjktOJ3Mz+:SJZKBI0tyYeY4eoiJ+sCFvXRW8z+
Malware Config
Targets
-
-
Target
TeamViewer_Setup.exe
-
Size
167KB
-
MD5
2240642fb1ec17326aba4bc86afecb30
-
SHA1
2601fb7ed63861ad837bc0b9a283f1230a295fb8
-
SHA256
203b9d7b8796ea071beb263723991d57a40b25b77d0cbd2e4bd8dff62601331e
-
SHA512
59f7a81a7db22c635a4c20baacf94c174f344762bff66bd2012b9ebf4012c6c4320c479340b34bd0f56d6a4acdc415d862468f909462f7113333a5c7a26ae0e3
-
SSDEEP
3072:SJZKnPE2YyJzELtyTtyYeY8lNgoiJ+sX8HFvytb4NQhjktOJ3Mz+:SJZKBI0tyYeY4eoiJ+sCFvXRW8z+
Score10/10-
VanillaRat
VanillaRat is an advanced remote administration tool coded in C#.
-
Vanilla Rat payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-