milleniumrat | 304ef66a063c8d7f349e1ccae332c3d0671e39923bdc6be1dd8e788255f9575d | Triage

Resubmissions

08-02-2024 14:25

240208-rrhfnaed7t 10

08-02-2024 14:20

240208-rnnhhaed4t 10

Sharing

General

Target

304ef66a063c8d7f349e1ccae332c3d0671e39923bdc6be1dd8e788255f9575d
Size

5.7MB
Sample

240208-rrhfnaed7t
MD5

4685cc14b573164de4fb91315a6411ce
SHA1

ef14eee56ac6aec9b7b0c6bb71a926cf75720cfd
SHA256

304ef66a063c8d7f349e1ccae332c3d0671e39923bdc6be1dd8e788255f9575d
SHA512

850c5f86ca101ea63d005a04cba52336323c257d3bbc000e73cc6c5d115fb7da6372ccdcf265a76d8feb2322b412a320d031d9d66996ffcfed9d2c59b4e62686
SSDEEP

98304:3sl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6UcR6T:3POuK6mn9NzgMoYkSIvUcwti7TQlvcin

Score

10^/10

milleniumrat persistence rat stealer

Malware Config

Targets

- Target
  
  304ef66a063c8d7f349e1ccae332c3d0671e39923bdc6be1dd8e788255f9575d
- Size
  
  5.7MB
- MD5
  
  4685cc14b573164de4fb91315a6411ce
- SHA1
  
  ef14eee56ac6aec9b7b0c6bb71a926cf75720cfd
- SHA256
  
  304ef66a063c8d7f349e1ccae332c3d0671e39923bdc6be1dd8e788255f9575d
- SHA512
  
  850c5f86ca101ea63d005a04cba52336323c257d3bbc000e73cc6c5d115fb7da6372ccdcf265a76d8feb2322b412a320d031d9d66996ffcfed9d2c59b4e62686
- SSDEEP
  
  98304:3sl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6UcR6T:3POuK6mn9NzgMoYkSIvUcwti7TQlvcin
Score

10^/10

milleniumrat persistence rat stealer
- MilleniumRat
  MilleniumRat is a remote access trojan written in C#.
  rat stealer milleniumrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

milleniumratpersistenceratstealer

behavioral2

milleniumratpersistenceratstealer