Overview
overview
10Static
static
10VanillaRat...er.bat
windows7-x64
7VanillaRat...er.bat
windows10-2004-x64
10VanillaRat...at.exe
windows7-x64
10VanillaRat...at.exe
windows10-2004-x64
1VanillaRat...ub.exe
windows7-x64
10VanillaRat...ub.exe
windows10-2004-x64
10VanillaRat/Start.bat
windows7-x64
7VanillaRat/Start.bat
windows10-2004-x64
10General
-
Target
VanillaRat.rar
-
Size
9.3MB
-
Sample
231101-m5evgahc86
-
MD5
a049dc80cb0ce48c4e91ac7d5172a082
-
SHA1
e45fe95f502072b7ff28e6b3978fc0fd80e58ca1
-
SHA256
e590d9d061fc38da277121abaf50c5d2432fe4cab8eb4fc347687d04c188f34b
-
SHA512
0785dc1529f61a5b9af743d24cd5aa836b871dc077cc2ec37b0c66998f79c5fed260e1d4859a43ccb7fc5e0fab0173e64f59f245106325f7e36b6a6bd4a5dfea
-
SSDEEP
196608:JBl2bbnL8Gw727XWgrz7BrNsMeYg58cvLXthkIYisyqIjRqVTvBKFsOcoN:JB8bbn4umoPgMeb8cLtSIjsyqIEVYFsC
Behavioral task
behavioral1
Sample
VanillaRat/Handlers/HandlerInstaller.bat
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
VanillaRat/Handlers/HandlerInstaller.bat
Resource
win10v2004-20231020-en
Behavioral task
behavioral3
Sample
VanillaRat/Main/VanillaRat.exe
Resource
win7-20231023-en
Behavioral task
behavioral4
Sample
VanillaRat/Main/VanillaRat.exe
Resource
win10v2004-20231023-en
Behavioral task
behavioral5
Sample
VanillaRat/Main/VanillaStub.exe
Resource
win7-20231023-en
Behavioral task
behavioral6
Sample
VanillaRat/Main/VanillaStub.exe
Resource
win10v2004-20231025-en
Behavioral task
behavioral7
Sample
VanillaRat/Start.bat
Resource
win7-20231020-en
Behavioral task
behavioral8
Sample
VanillaRat/Start.bat
Resource
win10v2004-20231023-en
Malware Config
Targets
-
-
Target
VanillaRat/Handlers/HandlerInstaller.bat
-
Size
12.4MB
-
MD5
36120c9b85ac8d0886754aea83b5f651
-
SHA1
f37d5eb87609e6312dc30b37f3b9568f788e1d9d
-
SHA256
3087b98c490a4be2e1e8d97a74edbacaab32c4162c49050408e9c86e0d1374eb
-
SHA512
973d80dd9f55c9219c0c1fcb194cb3151b872b2187a83abbcae53f9185a37877253962c116c282019e2309154b0ee0aba4675862f9e4eb4b0084a757ed7a8957
-
SSDEEP
49152:gfNOR3QlUQZ81jHk0IYRuKSGUhYHEPgU9XA1J8yWSUZ89FIJI25U3euQ6o2Mif+6:J
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
VanillaRat/Main/VanillaRat.exe
-
Size
1.8MB
-
MD5
15e08de70a1aa3202bf12873d7464cfb
-
SHA1
3797022285b7250fe7c3b4d3c68aabd7b02e77df
-
SHA256
0888ca367d882709d10712f6d8eefc5945ff067467e832f59e0071a86ae96555
-
SHA512
f084621d43085877aaccdfa73394e4ec11e56a2c7d6086aa6308b0e086a3d5bfa7c18fc4374a1d2028868fad0f9d45dff4d82a6c0ef8c2e9946a901a7779a343
-
SSDEEP
24576:HDTgl3eQury9oQqdTfqauvHpcV3+bGeVUEY995IK5:jkJ94y9oBuvHCuHqEV
Score10/10-
Vanilla Rat payload
-
Executes dropped EXE
-
-
-
Target
VanillaRat/Main/VanillaStub.exe
-
Size
111KB
-
MD5
ba4ef2f128dd9d5ad47cf36448248cbc
-
SHA1
c791033df85c85b1c67638a64177553cef896970
-
SHA256
3515285bcb1e7b4a7c5a570ab9ba0543f4733cc9b1a5afb6d4c1bc4d0b0afa92
-
SHA512
f83f79f85167e2980b85db8a8fbd731c352ccf049203749fb70fabba78067361ebd15fe22783cd8a80355e4ae66a6999eee200aadacf75556dec3c67b840f287
-
SSDEEP
3072:o0w4Vztdrx+jiEPtXKb0H/vbabULtyTl:LxrrkzPtabK/v50
Score10/10-
Vanilla Rat payload
-
-
-
Target
VanillaRat/Start.bat
-
Size
3KB
-
MD5
78d817fe7349683c207f17c0b4774484
-
SHA1
9dc66330a6aef8e8678b45ac3fa79091f2f50ccc
-
SHA256
b7ddf09d72ad1671da5c5ad5bf0e5d22ac6f4fee8cedd04f188a9e109e8b86f6
-
SHA512
77e0bdc2d0faa24d4f4ff42059f8b002b7214300fd7f44b07d76fb042b111a1ad85e2b32e1032942aaf29bed11efe17a73e623cafd777ec21e603118e70d2699
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-