milleniumrat | 6d207c1e954f9d60f693e17e63df73fb8e954d02544b5d52b8b18c4ab86a267e | Triage

Resubmissions

06-11-2023 13:20

231106-qlacesbc9s 10

17-10-2023 02:20

231017-csxjmsgg7s 7

Sharing

General

Target

6d207c1e954f9d60f693e17e63df73fb8e954d02544b5d52b8b18c4ab86a267e
Size

5.3MB
Sample

231106-qlacesbc9s
MD5

eba4be8ed0e9282976f8ee0b04fb2474
SHA1

f4d698ece0ff6af36c1a2e9108ea475518df0aa7
SHA256

6d207c1e954f9d60f693e17e63df73fb8e954d02544b5d52b8b18c4ab86a267e
SHA512

cbce4f46440f948f7fa4cf502df86a54f4a5aa76afa469fa26187fdbaab63781ceffab31f1178fce21ccf57d159e4527494758c42c55b25ce5fa1c2fc6f0a84b
SSDEEP

98304:g4VEl27OuKr+gvhf2Z9Nzm31PMogNuSZTKA0t9FFPEzlkqXf0FKp806UcR:guXOuK6mq9NzgMoIbk9fcpkSIKpb6UcR

Score

10^/10

milleniumrat persistence rat spyware stealer

Malware Config

Extracted

Family

milleniumrat

C2

https://api.telegram.org/bot6597086550:AAH-iMklHZd9G4OC7i-qH_lJ-F4S0eEVjPM/sendMessage?chat_id=2024893777

Targets

- Target
  
  6d207c1e954f9d60f693e17e63df73fb8e954d02544b5d52b8b18c4ab86a267e
- Size
  
  5.3MB
- MD5
  
  eba4be8ed0e9282976f8ee0b04fb2474
- SHA1
  
  f4d698ece0ff6af36c1a2e9108ea475518df0aa7
- SHA256
  
  6d207c1e954f9d60f693e17e63df73fb8e954d02544b5d52b8b18c4ab86a267e
- SHA512
  
  cbce4f46440f948f7fa4cf502df86a54f4a5aa76afa469fa26187fdbaab63781ceffab31f1178fce21ccf57d159e4527494758c42c55b25ce5fa1c2fc6f0a84b
- SSDEEP
  
  98304:g4VEl27OuKr+gvhf2Z9Nzm31PMogNuSZTKA0t9FFPEzlkqXf0FKp806UcR:guXOuK6mq9NzgMoIbk9fcpkSIKpb6UcR
Score

10^/10

milleniumrat persistence rat spyware stealer
- MilleniumRat
  MilleniumRat is a remote access trojan written in C#.
  rat stealer milleniumrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

milleniumratpersistenceratspywarestealer

behavioral2

milleniumratpersistenceratspywarestealer