vanillarat | e590d9d061fc38da277121abaf50c5d2432fe4cab8eb4fc347687d04c188f34b

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 20:13

Target

VanillaRat/Main/VanillaStub.exe
Size

111KB
MD5

ba4ef2f128dd9d5ad47cf36448248cbc
SHA1

c791033df85c85b1c67638a64177553cef896970
SHA256

3515285bcb1e7b4a7c5a570ab9ba0543f4733cc9b1a5afb6d4c1bc4d0b0afa92
SHA512

f83f79f85167e2980b85db8a8fbd731c352ccf049203749fb70fabba78067361ebd15fe22783cd8a80355e4ae66a6999eee200aadacf75556dec3c67b840f287
SSDEEP

3072:o0w4Vztdrx+jiEPtXKb0H/vbabULtyTl:LxrrkzPtabK/v50

Score

10^/10

vanillarat rat

VanillaRat
VanillaRat is an advanced remote administration tool coded in C#.
rat vanillarat

Vanilla Rat payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral6/memory/4652-0-0x0000017A0D490000-0x0000017A0D4B2000-memory.dmp	vanillarat

C:\Users\Admin\AppData\Local\Temp\VanillaRat\Main\VanillaStub.exe
"C:\Users\Admin\AppData\Local\Temp\VanillaRat\Main\VanillaStub.exe"
1⤵
PID:4652

memory/4652-0-0x0000017A0D490000-0x0000017A0D4B2000-memory.dmp

Filesize
136KB

Download
memory/4652-1-0x00007FFD21100000-0x00007FFD21BC1000-memory.dmp

Filesize
10.8MB

Download
memory/4652-2-0x0000017A27A40000-0x0000017A27A50000-memory.dmp

Filesize
64KB

Download
memory/4652-3-0x0000017A27B60000-0x0000017A27D09000-memory.dmp

Filesize
1.7MB

Download
memory/4652-4-0x00007FFD21100000-0x00007FFD21BC1000-memory.dmp

Filesize
10.8MB

Download
memory/4652-6-0x0000017A27A40000-0x0000017A27A50000-memory.dmp

Filesize
64KB

Download