Overview

overview

10

Static

static

10

VanillaRat...er.bat

windows7-x64

7

VanillaRat...er.bat

windows10-2004-x64

10

VanillaRat...at.exe

windows7-x64

10

VanillaRat...at.exe

windows10-2004-x64

1

VanillaRat...ub.exe

windows7-x64

10

VanillaRat...ub.exe

windows10-2004-x64

10

VanillaRat/Start.bat

windows7-x64

7

VanillaRat/Start.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    01-11-2023 11:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VanillaRat/Main/VanillaRat.exe

  • Size

    1.8MB

  • MD5

    15e08de70a1aa3202bf12873d7464cfb

  • SHA1

    3797022285b7250fe7c3b4d3c68aabd7b02e77df

  • SHA256

    0888ca367d882709d10712f6d8eefc5945ff067467e832f59e0071a86ae96555

  • SHA512

    f084621d43085877aaccdfa73394e4ec11e56a2c7d6086aa6308b0e086a3d5bfa7c18fc4374a1d2028868fad0f9d45dff4d82a6c0ef8c2e9946a901a7779a343

  • SSDEEP

    24576:HDTgl3eQury9oQqdTfqauvHpcV3+bGeVUEY995IK5:jkJ94y9oBuvHCuHqEV

Score
10/10
vanillaratrat

Malware Config

Signatures

  • VanillaRat

    VanillaRat is an advanced remote administration tool coded in C#.

    ratvanillarat
  • Vanilla Rat payload 3 IoCs
    rat
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 43 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VanillaRat\Main\VanillaRat.exe
    "C:\Users\Admin\AppData\Local\Temp\VanillaRat\Main\VanillaRat.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2736
    • C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe" C:\Users\Admin\AppData\Local\Temp\VanillaRat\Main\Clients\
      2⤵
        PID:3020
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Users\Admin\AppData\Local\Temp\VanillaRat\Main\Clients\.exe
        "C:\Users\Admin\AppData\Local\Temp\VanillaRat\Main\Clients\.exe"
        2⤵
        • Executes dropped EXE
        PID:2320

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\VanillaRat\Main\Clients\.exe
      Filesize

      111KB

      MD5

      b947f78e5905e2017cfaf7a463be882c

      SHA1

      cdb9805af6ffb487e1d02e052de5da7cb6e31bd2

      SHA256

      5e53ce7883322159f67519a50c33a9e749743e2019b62d8f5662857e66467ab9

      SHA512

      b9bbde6720f34be1dfdd29f22eff8fe38a66dea1492bad10ead85bcb0058cc2e795ff3f64b07947e47516ab211f855a66c767ea643962e6ffb4242f2babf0ffc

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\VanillaRat\Main\Clients\.exe
      Filesize

      111KB

      MD5

      b947f78e5905e2017cfaf7a463be882c

      SHA1

      cdb9805af6ffb487e1d02e052de5da7cb6e31bd2

      SHA256

      5e53ce7883322159f67519a50c33a9e749743e2019b62d8f5662857e66467ab9

      SHA512

      b9bbde6720f34be1dfdd29f22eff8fe38a66dea1492bad10ead85bcb0058cc2e795ff3f64b07947e47516ab211f855a66c767ea643962e6ffb4242f2babf0ffc

      Download Submit
    • memory/2320-26-0x000000001BC30000-0x000000001BCB0000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2320-23-0x000000001BC30000-0x000000001BCB0000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2320-22-0x000000001BC30000-0x000000001BCB0000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2320-21-0x000000001BC30000-0x000000001BCB0000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2320-18-0x000000001BC30000-0x000000001BCB0000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2320-17-0x000007FEF61E0000-0x000007FEF6BCC000-memory.dmp
      Filesize

      9.9MB

      Download
    • memory/2320-15-0x000000001BC30000-0x000000001BCB0000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2320-14-0x000007FEF61E0000-0x000007FEF6BCC000-memory.dmp
      Filesize

      9.9MB

      Download
    • memory/2320-13-0x0000000000DB0000-0x0000000000DD2000-memory.dmp
      Filesize

      136KB

      Download
    • memory/2736-6-0x00000000004D0000-0x0000000000510000-memory.dmp
      Filesize

      256KB

      Download
    • memory/2736-3-0x0000000005170000-0x0000000005250000-memory.dmp
      Filesize

      896KB

      Download
    • memory/2736-1-0x0000000074C10000-0x00000000752FE000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/2736-7-0x00000000088B0000-0x00000000089CC000-memory.dmp
      Filesize

      1.1MB

      Download
    • memory/2736-24-0x000000000A030000-0x000000000A048000-memory.dmp
      Filesize

      96KB

      Download
    • memory/2736-0-0x0000000000E50000-0x0000000001018000-memory.dmp
      Filesize

      1.8MB

      Download
    • memory/2736-5-0x0000000074C10000-0x00000000752FE000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/2736-19-0x00000000004D0000-0x0000000000510000-memory.dmp
      Filesize

      256KB

      Download
    • memory/2736-20-0x00000000004D0000-0x0000000000510000-memory.dmp
      Filesize

      256KB

      Download
    • memory/2736-4-0x00000000004D0000-0x0000000000510000-memory.dmp
      Filesize

      256KB

      Download
    • memory/2736-2-0x00000000004D0000-0x0000000000510000-memory.dmp
      Filesize

      256KB

      Download
    • memory/3008-10-0x0000000003A00000-0x0000000003A10000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3008-16-0x00000000039B0000-0x00000000039B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3008-9-0x00000000039B0000-0x00000000039B1000-memory.dmp
      Filesize

      4KB

      Download