vanillarat | 7411a95cf987a085c9bb3990cab95b8479e752b1c4370c9c256c07dd64f6b7b9 | Triage

Submit
Reports

Overview

overview

Static

static

TeamViewer_Setup.exe

windows7-x64

TeamViewer_Setup.exe

windows10-1703-x64

TeamViewer_Setup.exe

windows10-2004-x64

Sharing

General

Target

TeamViewer_Setup.exe
Size

470KB
Sample

230719-tw7mfsac8w
MD5

b3c7ffb0c5ba452d0c68da59f90b39af
SHA1

ee538ad689a49911cc4befae22269b8c3a261caa
SHA256

7411a95cf987a085c9bb3990cab95b8479e752b1c4370c9c256c07dd64f6b7b9
SHA512

d0a89e233aa03983f5b8d7067a923469b48eaac6d24f2a73ce22afdeefa2eb1c2976a69b511c25ff2845b49f43dfd2e68d7083506a162bb3b6669c5ee644b36e
SSDEEP

6144:eqly+sJZKBI09yYeY4eoiJ+sCFv1peInLz+:RRyYrZos+xFvHL6

Score

10^/10

vanillarat evasion persistence rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

TeamViewer_Setup.exe

Resource

win7-20230712-en

vanillarat evasion persistence rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

TeamViewer_Setup.exe

Resource

win10-20230703-en

vanillarat evasion persistence rat trojan

windows10-1703-x64

10 signatures

150 seconds

Behavioral task

behavioral3

Sample

TeamViewer_Setup.exe

Resource

win10v2004-20230703-en

vanillarat evasion persistence rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  TeamViewer_Setup.exe
- Size
  
  470KB
- MD5
  
  b3c7ffb0c5ba452d0c68da59f90b39af
- SHA1
  
  ee538ad689a49911cc4befae22269b8c3a261caa
- SHA256
  
  7411a95cf987a085c9bb3990cab95b8479e752b1c4370c9c256c07dd64f6b7b9
- SHA512
  
  d0a89e233aa03983f5b8d7067a923469b48eaac6d24f2a73ce22afdeefa2eb1c2976a69b511c25ff2845b49f43dfd2e68d7083506a162bb3b6669c5ee644b36e
- SSDEEP
  
  6144:eqly+sJZKBI09yYeY4eoiJ+sCFv1peInLz+:RRyYrZos+xFvHL6
Score

10^/10

vanillarat evasion persistence rat trojan
- UAC bypass
  evasion trojan
- VanillaRat
  VanillaRat is an advanced remote administration tool coded in C#.
  rat vanillarat
- Vanilla Rat payload
  rat
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vanillaratevasionpersistencerattrojan

behavioral2

vanillaratevasionpersistencerattrojan

behavioral3

vanillaratevasionpersistencerattrojan

© 2018-2024

Terms | Privacy