Overview

overview

10

Static

static

10

TeamViewer_Setup.exe

windows7-x64

TeamViewer_Setup.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TeamViewer_Setup.exe

  • Size

    470KB

  • Sample

    230718-mbc4sahe42

  • MD5

    17e792b0bb256533ce3fda3a2c4a093a

  • SHA1

    901d60993c45332419f9f8619dec044e2a9fc41a

  • SHA256

    4c477e0e78863415e64ce9656ef2d1db0e45e60d02ccd21ad52ae51f637815f1

  • SHA512

    e5cea3e26bb612067546e7eb8e21689a98a1c6ff032ff466eface6cee1cb8c547880efe1bc9e2046e121e637e6fa032fb311b1b22aa18d501bfbc15970e448eb

  • SSDEEP

    6144:hqly+DJZKBI0FyYeY4eoiJ+sCFv1A4Inlz+:SOyYrZos+xFvIl6

Score
10/10
vanillaratevasionpersistencerattrojan

Malware Config

Targets

    • Target

      TeamViewer_Setup.exe

    • Size

      470KB

    • MD5

      17e792b0bb256533ce3fda3a2c4a093a

    • SHA1

      901d60993c45332419f9f8619dec044e2a9fc41a

    • SHA256

      4c477e0e78863415e64ce9656ef2d1db0e45e60d02ccd21ad52ae51f637815f1

    • SHA512

      e5cea3e26bb612067546e7eb8e21689a98a1c6ff032ff466eface6cee1cb8c547880efe1bc9e2046e121e637e6fa032fb311b1b22aa18d501bfbc15970e448eb

    • SSDEEP

      6144:hqly+DJZKBI0FyYeY4eoiJ+sCFv1A4Inlz+:SOyYrZos+xFvIl6

    Score
    10/10
    vanillaratevasionpersistencerattrojan

    • UAC bypass

      evasiontrojan

    • VanillaRat

      VanillaRat is an advanced remote administration tool coded in C#.

      ratvanillarat

    • Vanilla Rat payload

      rat

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks