General

  • Target

    MMLo7-Rat-main.zip

  • Size

    6.9MB

  • Sample

    230822-dtzaashg22

  • MD5

    b50c981ad01db7b21b7b760b6153a3d8

  • SHA1

    a47220b1ebd770f34e45887be042ae0ea52c8199

  • SHA256

    664df7eb94315e69939e7b16fa546710d3bdfccb8d1fd0b6eff067165c5764fd

  • SHA512

    a9a2f73328cc366c57a7d8b8c5a9ae6798af0cf6908a8e410ab0406c86eeec0e3688aa851ae07a02d7d0ce62a606fab840018968994019a363f3e825db134cf9

  • SSDEEP

    196608:Qc0eI5yaSU6GH2Th2T3/BXbRDV60HqLG0:h0VyNUHKo35LRhiF

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    5000

Extracted

Family

xworm

Attributes
  • install_file

    USB.exe

Targets

    • Target

      MMLo7-Rat-main.zip

    • Size

      6.9MB

    • MD5

      b50c981ad01db7b21b7b760b6153a3d8

    • SHA1

      a47220b1ebd770f34e45887be042ae0ea52c8199

    • SHA256

      664df7eb94315e69939e7b16fa546710d3bdfccb8d1fd0b6eff067165c5764fd

    • SHA512

      a9a2f73328cc366c57a7d8b8c5a9ae6798af0cf6908a8e410ab0406c86eeec0e3688aa851ae07a02d7d0ce62a606fab840018968994019a363f3e825db134cf9

    • SSDEEP

      196608:Qc0eI5yaSU6GH2Th2T3/BXbRDV60HqLG0:h0VyNUHKo35LRhiF

    Score
    1/10
    • Target

      MMLo7-Rat-main/ComponentFactory.Krypton.Toolkit.dll

    • Size

      2.8MB

    • MD5

      129884de0e136521fd650c59b2633e82

    • SHA1

      43fea10a62670568c00a2910c3ee6fc1ceaa1bdc

    • SHA256

      8c69f5df110bc1a61bdc3d8754ebfd3f49d9d995b9dd129accaf88371ce71e30

    • SHA512

      fbd40a8dd172449de46cecc08cdc2078409e5d893426364630c974903499c617f8cca2f4fd52cf030a835a376e140daf113a6d385027a9e2ede289ba32c8da43

    • SSDEEP

      24576:9aA+gKf9mE6kWF2IaltkdgZUfoOJtMl6X1ZTJxf9VqY7djlb1IqdGsUfSYqsyb:UIaltkdgqHJtMl6XD7h7Nh1ImYqsy

    Score
    1/10
    • Target

      MMLo7-Rat-main/ComponentFactory.Krypton.Toolkit.pdb

    • Size

      6.6MB

    • MD5

      5a3085fdd24c102f3d466ac92b8aaa17

    • SHA1

      c0eaaa892b3af3133c0dc0d20d96055817442260

    • SHA256

      5d48ad683e71d8a28f8b0f75952ddcfac127850fae74f2fdff500278e6a66a4c

    • SHA512

      dd20f74f9b74c4a7b03f96e969d764ccc6df33a772d34e0b7b4aea3d4913a8fee8b360ccdd51be57ceec414f13060c70c33419d75af95fc768b1632d6e8264ef

    • SSDEEP

      24576:xmMS2ySy5WenpDs/rUlFftAzngc5p66hNepJ6i2lA2Nc/YpvNyUV:NFOpJIJ9yG

    Score
    3/10
    • Target

      MMLo7-Rat-main/Krypton.Toolkit.dll

    • Size

      4.3MB

    • MD5

      068b4f05eb35479a419bc55da643781e

    • SHA1

      1d0fe6bb23bbd63dc6d4248f7c17afcf4bc16dea

    • SHA256

      477ebd61ce116c6908a1cd1e50bc93869f6f7b9c3e0e5757551e6dd2a01b4648

    • SHA512

      f9022c7d91364519f5b773fd641741637f89a4f4f8eb1406d1c594e0a286724cea7494fb047e810bbed0579b6870db49a6828b1c79808e4554d762f326a87dcc

    • SSDEEP

      49152:tmB08naO5IDdOBQNJxtk7ryrDdkny3y+sUFdRcRkMb2J:Mu8naO5oj9k7rODdlmHOMbO

    Score
    1/10
    • Target

      MMLo7-Rat-main/Krypton.Toolkit.xml

    • Size

      5.8MB

    • MD5

      51106091a221ac4f93c6fad3fc94faf6

    • SHA1

      3906ef70c79edb503c6a0e79d5b3ad6f09d32d12

    • SHA256

      c6a2dfb5abf0d42ccbdd38f557bfa3a83ebe3de26d73ef7260317fd0f8d363a8

    • SHA512

      279c7f945d32f1963f82378bb801eebcfbcefaa0c0c6d71243c683ddf548e480535ccc32ead4407fb6df460a501e80bac49879d000b1ec0cd38abcdfc461a2cc

    • SSDEEP

      6144:2zsZirzNjCBCfjMy6z0jp0vT3C1rdxCBR1JTRXjIBmBDzrAhDTDfz9rrx/qkjQec:VyZUUTfx8xZp

    Score
    3/10
    • Target

      MMLo7-Rat-main/MMLo7 Rat.exe

    • Size

      2.8MB

    • MD5

      2dc24c81438806bd03b492b9a3f3c55c

    • SHA1

      1b62f6d53570d7cd3c8d04e6ea7e349b5de5cc89

    • SHA256

      3edd74d68dd78681ed9eae3973ee2fb878c60e6e24dfa313ea2b4547008b1149

    • SHA512

      f03ef03ffd926c35a6c88be065a8b6174af323a9fc633fc8d0c1ee55bf8b2eb5ef824d9c9feda21104dd10ff7f0d8d0660e9d4ba0cd8a932dd5d8e342f023ce1

    • SSDEEP

      49152:cTtjEoXzJndn324ktdDyXqimfg9vdsIvQBLjEWdK/EEj8iG/MRmJ:stnXzJ12lDyXJMsvGs8Ljc7oRR

    Score
    10/10
    • Xworm

      Xworm is a remote access trojan written in C#.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      MMLo7-Rat-main/MMLo7 Rat.exe.config

    • Size

      161B

    • MD5

      c16b0746faa39818049fe38709a82c62

    • SHA1

      3fa322fe6ed724b1bc4fd52795428a36b7b8c131

    • SHA256

      d61bde901e7189cc97d45a1d4c4aa39d4c4de2b68419773ec774338506d659ad

    • SHA512

      cbcba899a067f8dc32cfcbd1779a6982d25955de91e1e02cee8eaf684a01b0dee3642c2a954903720ff6086de5a082147209868c03665c89f814c6219be2df7c

    Score
    3/10
    • Target

      MMLo7-Rat-main/Mono.Cecil.dll

    • Size

      277KB

    • MD5

      8df4d6b5dc1629fcefcdc20210a88eac

    • SHA1

      16c661757ad90eb84228aa3487db11a2eac6fe64

    • SHA256

      3e4288b32006fe8499b43a7f605bb7337931847a0aa79a33217a1d6d1a6c397e

    • SHA512

      874b4987865588efb806a283b0e785fd24e8b1562026edd43050e150bce6c883134f3c8ad0f8c107b0fb1b26fce6ddcc7e344a5f55c3788dac35035b13d15174

    • SSDEEP

      6144:iYOMWAEq+PAEwGQ9Xivs0s4EtS1Fv8jnLKdFvkPo2:AG+PpjQSHv8jA

    Score
    1/10
    • Target

      MMLo7-Rat-main/Mono.Nat.dll

    • Size

      40KB

    • MD5

      bf929442b12d4b5f9906b29834bf7db1

    • SHA1

      810a2b3c8e548d1df931538bc304cc1405f7a32b

    • SHA256

      b33435ac7cdefcf7c2adf96738c762a95414eb7a4967ef6b88dcda14d58bfee0

    • SHA512

      9fcfaf48bfe5455a466e666bafa59a7348a736368daa892333cefa0cac22bcef3255f9cee24a70ed96011b73abea8e5d3dbf24876cffa81e0b532df41dd81828

    • SSDEEP

      768:yoVesKx0V2LpibQJxoKUDHj560aSX3zlJAO:lVespQibC+H56k3fF

    Score
    1/10
    • Target

      MMLo7-Rat-main/Profiles/Default.xml

    • Size

      1016B

    • MD5

      804a72ca0e8d431d67ec1f1920d839cd

    • SHA1

      2f3d22973e147a049ac87817d26ec13dcc959a2c

    • SHA256

      ebe8b86d9c5e1865a4d8ae9c7781a04a56e865bd5e5ffd114211191bae161497

    • SHA512

      07c5974f18be4769e9af00d2d5378c5a389be0b8ec4649b0dbd24b84643ab5aa322d0a68417e301795a49bc3dfef767668f6d8fc48178f521e99c51221393213

    Score
    3/10
    • Target

      MMLo7-Rat-main/README.md

    • Size

      1009B

    • MD5

      34ada5b9b612dd56f7124a134424ef11

    • SHA1

      9abfc47b544f42dca6b79ce3966ee72098edb5e8

    • SHA256

      f2dc6b378bd5959096541650bc59ad0806817147df38cfb4e181d590d52bcd38

    • SHA512

      d14ccbbc17f4e150b782b37efe53b1ac3aa7c5d5f225f2abbad3c1501770f1c3e4431cfafd7127c78acb1219a87303601c25c395e28726ebf5ef2feba062fc96

    Score
    3/10
    • Target

      MMLo7-Rat-main/Vestris.ResourceLib.dll

    • Size

      76KB

    • MD5

      64e9cb25aeefeeba3bb579fb1a5559bc

    • SHA1

      e719f80fcbd952609475f3d4a42aa578b2034624

    • SHA256

      34cab594ce9c9af8e12a6923fc16468f5b87e168777db4be2f04db883c1db993

    • SHA512

      b21cd93f010b345b09b771d24b2e5eeed3b73a82fc16badafea7f0324e39477b0d7033623923313d2de5513cb778428ae10161ae7fc0d6b00e446f8d89cf0f8c

    • SSDEEP

      1536:5Z0R489PUoltCY19T7Uf5DYoRvtkA2MNmjYgGKeK9jXGYWs:L0R489PUeCy7Uf5pVCMwjVG/K9jp

    Score
    1/10
    • Target

      MMLo7-Rat-main/client.bin

    • Size

      286KB

    • MD5

      c81a9adf64819041ac1435fab28004e3

    • SHA1

      a126d54caabbdd6456ac1ddd57a4ead629f4f287

    • SHA256

      5a1c7a22a6fbe36701b53b49a134ad37ab6194030753824a1bef260862902ac8

    • SHA512

      3ec5bc46bd46a06271905614adde9e60dd30d2315eb700d36852c6d2e1207a6218d007a7eb9ef2f0134eae53b1a04305be61e314e0ca426e132e8660e0bdcf58

    • SSDEEP

      6144:lGz3mOwb5nxTfSUkAxzi1jZtV6GUvUwibiCcefPgMJjaTbMFfCNB53C:2YxrOKHibiCce3jaU6B53C

    Score
    10/10
    • Target

      MMLo7-Rat-main/settings.xml

    • Size

      426B

    • MD5

      08eaf0a087c3a7d35c1c0e50dd304cbd

    • SHA1

      e6f8463ad17ae7ef4b28b33ad6d6742791bfa628

    • SHA256

      f638d7332e5b55ac336f8f6f2692a3db9df3b51f95771720d923f4db439e3fdb

    • SHA512

      ccc6b132eebe3536671bff04fc6d7664abdfe5dd8022fa64bf6a678927791f39b55b7d890f210570378b16fb59dd219e216a979f7da2fec0b3814b05da95cd2c

    Score
    3/10
    • Target

      MMLo7-Rat-main/turingmachine.exe

    • Size

      286KB

    • MD5

      c81a9adf64819041ac1435fab28004e3

    • SHA1

      a126d54caabbdd6456ac1ddd57a4ead629f4f287

    • SHA256

      5a1c7a22a6fbe36701b53b49a134ad37ab6194030753824a1bef260862902ac8

    • SHA512

      3ec5bc46bd46a06271905614adde9e60dd30d2315eb700d36852c6d2e1207a6218d007a7eb9ef2f0134eae53b1a04305be61e314e0ca426e132e8660e0bdcf58

    • SSDEEP

      6144:lGz3mOwb5nxTfSUkAxzi1jZtV6GUvUwibiCcefPgMJjaTbMFfCNB53C:2YxrOKHibiCce3jaU6B53C

    Score
    10/10
    • Target

      MMLo7-Rat-main/turingmachine.exe.config

    • Size

      161B

    • MD5

      c16b0746faa39818049fe38709a82c62

    • SHA1

      3fa322fe6ed724b1bc4fd52795428a36b7b8c131

    • SHA256

      d61bde901e7189cc97d45a1d4c4aa39d4c4de2b68419773ec774338506d659ad

    • SHA512

      cbcba899a067f8dc32cfcbd1779a6982d25955de91e1e02cee8eaf684a01b0dee3642c2a954903720ff6086de5a082147209868c03665c89f814c6219be2df7c

    Score
    3/10
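Added triage example, not part of the sandbox report or of the MMLo7 tooling: the report's Targets table transcribed into a Python inventory, a pass that groups members by SHA256 to expose identical content stored under different names, and a verifier that re-hashes a local copy of the archive against that inventory. Using only the digests shown on this page, the duplicate pass shows that client.bin and turingmachine.exe are byte-identical (same 286KB, same SHA256), as are MMLo7 Rat.exe.config and turingmachine.exe.config. The INVENTORY values are the SHA256s from this report; the zip produced by build_demo_zip is constructed for the demonstration and is not the sample.

```python
"""Hash-inventory triage for the MMLo7-Rat-main.zip report (added example).

INVENTORY is transcribed from the report's Targets table: (member path, SHA256).
"""
import hashlib
import io
import zipfile
from collections import defaultdict

INVENTORY = [
    ("MMLo7-Rat-main/ComponentFactory.Krypton.Toolkit.dll",
     "8c69f5df110bc1a61bdc3d8754ebfd3f49d9d995b9dd129accaf88371ce71e30"),
    ("MMLo7-Rat-main/ComponentFactory.Krypton.Toolkit.pdb",
     "5d48ad683e71d8a28f8b0f75952ddcfac127850fae74f2fdff500278e6a66a4c"),
    ("MMLo7-Rat-main/Krypton.Toolkit.dll",
     "477ebd61ce116c6908a1cd1e50bc93869f6f7b9c3e0e5757551e6dd2a01b4648"),
    ("MMLo7-Rat-main/Krypton.Toolkit.xml",
     "c6a2dfb5abf0d42ccbdd38f557bfa3a83ebe3de26d73ef7260317fd0f8d363a8"),
    ("MMLo7-Rat-main/MMLo7 Rat.exe",
     "3edd74d68dd78681ed9eae3973ee2fb878c60e6e24dfa313ea2b4547008b1149"),
    ("MMLo7-Rat-main/MMLo7 Rat.exe.config",
     "d61bde901e7189cc97d45a1d4c4aa39d4c4de2b68419773ec774338506d659ad"),
    ("MMLo7-Rat-main/Mono.Cecil.dll",
     "3e4288b32006fe8499b43a7f605bb7337931847a0aa79a33217a1d6d1a6c397e"),
    ("MMLo7-Rat-main/Mono.Nat.dll",
     "b33435ac7cdefcf7c2adf96738c762a95414eb7a4967ef6b88dcda14d58bfee0"),
    ("MMLo7-Rat-main/Profiles/Default.xml",
     "ebe8b86d9c5e1865a4d8ae9c7781a04a56e865bd5e5ffd114211191bae161497"),
    ("MMLo7-Rat-main/README.md",
     "f2dc6b378bd5959096541650bc59ad0806817147df38cfb4e181d590d52bcd38"),
    ("MMLo7-Rat-main/Vestris.ResourceLib.dll",
     "34cab594ce9c9af8e12a6923fc16468f5b87e168777db4be2f04db883c1db993"),
    ("MMLo7-Rat-main/client.bin",
     "5a1c7a22a6fbe36701b53b49a134ad37ab6194030753824a1bef260862902ac8"),
    ("MMLo7-Rat-main/settings.xml",
     "f638d7332e5b55ac336f8f6f2692a3db9df3b51f95771720d923f4db439e3fdb"),
    ("MMLo7-Rat-main/turingmachine.exe",
     "5a1c7a22a6fbe36701b53b49a134ad37ab6194030753824a1bef260862902ac8"),
    ("MMLo7-Rat-main/turingmachine.exe.config",
     "d61bde901e7189cc97d45a1d4c4aa39d4c4de2b68419773ec774338506d659ad"),
]


def duplicate_groups(inventory):
    """Return {sha256: sorted paths} for every digest shared by 2+ members.

    Identical bytes under different names tells you which files in a
    builder drop are the same artifact renamed (e.g. the client stub).
    """
    by_digest = defaultdict(list)
    for path, sha256 in inventory:
        by_digest[sha256].append(path)
    return {d: sorted(p) for d, p in by_digest.items() if len(p) > 1}


def sha256_of(data):
    return hashlib.sha256(data).hexdigest()


def build_demo_zip(members):
    """Build a zip in memory from {path: bytes}. Constructed demo data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, data in members.items():
            zf.writestr(path, data)
    return buf.getvalue()


def verify_zip(zip_bytes, inventory):
    """Hash every member and compare it with the inventory.

    Returns {path: "match" | "mismatch" | "missing" | "unexpected"}.
    Members are only read and hashed; nothing is written or executed.
    """
    expected = dict(inventory)
    result = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digest = sha256_of(zf.read(info))
            if info.filename not in expected:
                result[info.filename] = "unexpected"
            elif expected[info.filename] == digest:
                result[info.filename] = "match"
            else:
                result[info.filename] = "mismatch"
    for path in expected:
        result.setdefault(path, "missing")
    return result


if __name__ == "__main__":
    for digest, paths in duplicate_groups(INVENTORY).items():
        print(digest[:16], "shared by:", ", ".join(paths))
```

To check a copy of the archive, pass its bytes to verify_zip(open(path, "rb").read(), INVENTORY) from an isolated analysis host; a "mismatch" or "unexpected" entry means the copy differs from what the sandbox analysed and the report's scores no longer apply to it.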

MITRE ATT&CK Enterprise v15

Tasks

static1

quasar
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
3/10

behavioral11

Score
1/10

behavioral12

xworm, rat, trojan
Score
10/10

behavioral13

Score
1/10

behavioral14

Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

quasar, spyware, trojan
Score
10/10

behavioral26

quasar, spyware, trojan
Score
10/10

behavioral27

Score
1/10

behavioral28

Score
3/10

behavioral29

Score
1/10

behavioral30

quasar, spyware, trojan
Score
10/10

behavioral31

Score
1/10

behavioral32

Score
3/10