General
Target: 888Rat.exe
Size: 93.6MB
Sample: 231111-z62f3scd27
MD5: 553951bbbde6c6001ade88f3a06a9b9a
SHA1: 28cd84b4533433cc925123f106e4efbbddd3c2ca
SHA256: 4870376811dd3c5eabe924c793079629d13a7813bf1a3014b5333b132be50365
SHA512: e9cf57ca2cd87fa2b3c05c0003ae11fc51d4139072d028ba52d665de57fffcb9c279cbe19ede001cc56ac464212ab8f6cbb8e7023c7ca567835a7b540a58521d
SSDEEP: 1572864:ST0EdFgdUIGfkS0H4HHDXLYrXatfLllR3Rbop0+xXlMSyCXsRuG0CPb0V+8VM5km:ST0I1IGfr0H4HbLYrXajRPcl0issnM4s
Static task: static1
Behavioral task: behavioral1
Sample: 888Rat.exe
Resource: win7-20231025-en
Behavioral task: behavioral2
Sample: 888Rat.exe
Resource: win10v2004-20231020-en
Malware Config
Targets
Target: 888Rat.exe
Score: 7/10
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.