Overview

overview

10

Static

static

10

TeamViewer_Setup.exe

windows7-x64

TeamViewer_Setup.exe

windows10-1703-x64

TeamViewer_Setup.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TeamViewer_Setup.exe

  • Size

    470KB

  • Sample

    230719-tw7mfsac8w

  • MD5

    b3c7ffb0c5ba452d0c68da59f90b39af

  • SHA1

    ee538ad689a49911cc4befae22269b8c3a261caa

  • SHA256

    7411a95cf987a085c9bb3990cab95b8479e752b1c4370c9c256c07dd64f6b7b9

  • SHA512

    d0a89e233aa03983f5b8d7067a923469b48eaac6d24f2a73ce22afdeefa2eb1c2976a69b511c25ff2845b49f43dfd2e68d7083506a162bb3b6669c5ee644b36e

  • SSDEEP

    6144:eqly+sJZKBI09yYeY4eoiJ+sCFv1peInLz+:RRyYrZos+xFvHL6

Score
10/10
vanillaratevasionpersistencerattrojan

Malware Config

Targets

    • Target

      TeamViewer_Setup.exe

    • Size

      470KB

    • MD5

      b3c7ffb0c5ba452d0c68da59f90b39af

    • SHA1

      ee538ad689a49911cc4befae22269b8c3a261caa

    • SHA256

      7411a95cf987a085c9bb3990cab95b8479e752b1c4370c9c256c07dd64f6b7b9

    • SHA512

      d0a89e233aa03983f5b8d7067a923469b48eaac6d24f2a73ce22afdeefa2eb1c2976a69b511c25ff2845b49f43dfd2e68d7083506a162bb3b6669c5ee644b36e

    • SSDEEP

      6144:eqly+sJZKBI09yYeY4eoiJ+sCFv1peInLz+:RRyYrZos+xFvHL6

    Score
    10/10
    vanillaratevasionpersistencerattrojan

    • UAC bypass

      evasiontrojan

    • VanillaRat

      VanillaRat is an advanced remote administration tool coded in C#.

      ratvanillarat

    • Vanilla Rat payload

      rat

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v6

Tasks