Overview
overview
10Static
static
10Dangerous ...dd.zip
windows7-x64
1Dangerous ...dd.zip
windows10-2004-x64
1Dangerous ...nd.exe
windows7-x64
1Dangerous ...nd.exe
windows10-2004-x64
1Dangerous ...ox.dll
windows7-x64
1Dangerous ...ox.dll
windows10-2004-x64
1Dangerous ...og.rtf
windows7-x64
4Dangerous ...og.rtf
windows10-2004-x64
1Dangerous ...nd.exe
windows7-x64
1Dangerous ...nd.exe
windows10-2004-x64
Dangerous ...ub.exe
windows7-x64
3Dangerous ...ub.exe
windows10-2004-x64
7Dangerous ...ub.exe
windows7-x64
1Dangerous ...ub.exe
windows10-2004-x64
1Dangerous ...ub.vbs
windows7-x64
1Dangerous ...ub.vbs
windows10-2004-x64
1Dangerous ...il.dll
windows7-x64
1Dangerous ...il.dll
windows10-2004-x64
1Dangerous ...io.dll
windows7-x64
1Dangerous ...io.dll
windows10-2004-x64
1Dangerous ...20.exe
windows7-x64
10Dangerous ...20.exe
windows10-2004-x64
10Dangerous ...ad.exe
windows7-x64
Dangerous ...ad.exe
windows10-2004-x64
10Dangerous ...AN.exe
windows7-x64
1Dangerous ...AN.exe
windows10-2004-x64
1Dangerous ...df.exe
windows7-x64
1Dangerous ...df.exe
windows10-2004-x64
1Dangerous ...nt.dll
windows7-x64
1Dangerous ...nt.dll
windows10-2004-x64
1Dangerous ...nx.dll
windows7-x64
1Dangerous ...nx.dll
windows10-2004-x64
1Analysis
-
max time kernel
1s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20231130-en -
resource tags
arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system -
submitted
14-12-2023 22:54
Behavioral task
behavioral1
Sample
Dangerous RAT 2020 Crackedd.zip
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
Dangerous RAT 2020 Crackedd.zip
Resource
win10v2004-20231130-en
Behavioral task
behavioral3
Sample
Dangerous RAT 2020 Crackedd/Extensions/Bind.exe
Resource
win7-20231130-en
Behavioral task
behavioral4
Sample
Dangerous RAT 2020 Crackedd/Extensions/Bind.exe
Resource
win10v2004-20231127-en
Behavioral task
behavioral5
Sample
Dangerous RAT 2020 Crackedd/FastColoredTextBox.dll
Resource
win7-20231025-en
Behavioral task
behavioral6
Sample
Dangerous RAT 2020 Crackedd/FastColoredTextBox.dll
Resource
win10v2004-20231127-en
Behavioral task
behavioral7
Sample
Dangerous RAT 2020 Crackedd/Kalogar_Online/Dell-12-30-2020/Keylog.rtf
Resource
win7-20231130-en
Behavioral task
behavioral8
Sample
Dangerous RAT 2020 Crackedd/Kalogar_Online/Dell-12-30-2020/Keylog.rtf
Resource
win10v2004-20231130-en
Behavioral task
behavioral9
Sample
Dangerous RAT 2020 Crackedd/Kay/Bind.exe
Resource
win7-20231201-en
Behavioral task
behavioral10
Sample
Dangerous RAT 2020 Crackedd/Kay/Bind.exe
Resource
win10v2004-20231201-en
Behavioral task
behavioral11
Sample
Dangerous RAT 2020 Crackedd/Kay/Stub.exe
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
Dangerous RAT 2020 Crackedd/Kay/Stub.exe
Resource
win10v2004-20231130-en
Behavioral task
behavioral13
Sample
Dangerous RAT 2020 Crackedd/Kay/Stub.exe
Resource
win7-20231023-en
Behavioral task
behavioral14
Sample
Dangerous RAT 2020 Crackedd/Kay/Stub.exe
Resource
win10v2004-20231127-en
Behavioral task
behavioral15
Sample
Dangerous RAT 2020 Crackedd/Kay/Stub.vbs
Resource
win7-20231020-en
Behavioral task
behavioral16
Sample
Dangerous RAT 2020 Crackedd/Kay/Stub.vbs
Resource
win10v2004-20231127-en
Behavioral task
behavioral17
Sample
Dangerous RAT 2020 Crackedd/Mono.Cecil.dll
Resource
win7-20231023-en
Behavioral task
behavioral18
Sample
Dangerous RAT 2020 Crackedd/Mono.Cecil.dll
Resource
win10v2004-20231127-en
Behavioral task
behavioral19
Sample
Dangerous RAT 2020 Crackedd/NAudio.dll
Resource
win7-20231020-en
Behavioral task
behavioral20
Sample
Dangerous RAT 2020 Crackedd/NAudio.dll
Resource
win10v2004-20231127-en
Behavioral task
behavioral21
Sample
Dangerous RAT 2020 Crackedd/NjRat Dangerous 2020.exe
Resource
win7-20231130-en
Behavioral task
behavioral22
Sample
Dangerous RAT 2020 Crackedd/NjRat Dangerous 2020.exe
Resource
win10v2004-20231130-en
Behavioral task
behavioral23
Sample
Dangerous RAT 2020 Crackedd/Payload.exe
Resource
win7-20231201-en
Behavioral task
behavioral24
Sample
Dangerous RAT 2020 Crackedd/Payload.exe
Resource
win10v2004-20231130-en
Behavioral task
behavioral25
Sample
Dangerous RAT 2020 Crackedd/Plugin/AN.exe
Resource
win7-20231129-en
Behavioral task
behavioral26
Sample
Dangerous RAT 2020 Crackedd/Plugin/AN.exe
Resource
win10v2004-20231130-en
Behavioral task
behavioral27
Sample
Dangerous RAT 2020 Crackedd/Plugin/Adf.exe
Resource
win7-20231023-en
Behavioral task
behavioral28
Sample
Dangerous RAT 2020 Crackedd/Plugin/Adf.exe
Resource
win10v2004-20231127-en
Behavioral task
behavioral29
Sample
Dangerous RAT 2020 Crackedd/Plugin/Ant.dll
Resource
win7-20231020-en
Behavioral task
behavioral30
Sample
Dangerous RAT 2020 Crackedd/Plugin/Ant.dll
Resource
win10v2004-20231127-en
Behavioral task
behavioral31
Sample
Dangerous RAT 2020 Crackedd/Plugin/Anx.dll
Resource
win7-20231023-en
Behavioral task
behavioral32
Sample
Dangerous RAT 2020 Crackedd/Plugin/Anx.dll
Resource
win10v2004-20231127-en
General
-
Target
Dangerous RAT 2020 Crackedd/Plugin/AN.exe
-
Size
15KB
-
MD5
d8bd6580617429c127bf1986f02006bf
-
SHA1
8326e56f7e1a3ae1a923e72ba8723dbc6ee5f4f0
-
SHA256
aadf0c5019cabefb8b33acb7de63b2d4dbf51a0a47a2550633b9a988675bcd0a
-
SHA512
2b72502031b771db467a77a12e0c6fe0e620e858364af96a97c13a27903d9e1261e403640856bd64c83ba3d82ad70dd26a1250443df28e8cdde1966357e33e75
-
SSDEEP
384:Jas/P8/d+yU99rbb09VkwqELjwF2pMT0HWSJ1i:Jau81Y9bbsxJi
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
AN.exepid process 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe 1148 AN.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
AN.exedescription pid process Token: SeDebugPrivilege 1148 AN.exe