General
-
Target
887Rat.exe
-
Size
93.1MB
-
Sample
240210-j5c44abg25
-
MD5
03facd106f0b2f694c5824793be08cea
-
SHA1
0461be2a007661cf969f8d25ff2c358cc70ea8e2
-
SHA256
8ce863dbb31e5c7383ca30ddbcbfa87600dfa8cfacaa9097a38d00b47d4dae80
-
SHA512
dd7d8988fe0d9f62d175208e634cc44f5c0166c268ee0ecfca6999ea1e611e84714d78877e41c59c1dcd8b4e86206132cb00012e6b8627c0fadcc07e5358148d
-
SSDEEP
1572864:fT0EdFgdUIGfkS0H4HHDXLYrXatfLllR3Rbop0+xXlMSyCXsRuG0CPb0V+8VM5kk:fT0I1IGfr0H4HbLYrXajRPcl0issnM4U
Static task
static1
Behavioral task
behavioral1
Sample
887Rat.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
887Rat.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
887Rat.exe
Score
10/10
-
Android 888 RAT payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-