Overview

overview

10

Static

static

10

110852b862...a7.exe

windows7-x64

10

110852b862...a7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    110852b8629477f0483bdcd381aae7a7

  • Size

    7.1MB

  • Sample

    240229-sytmyadb8s

  • MD5

    110852b8629477f0483bdcd381aae7a7

  • SHA1

    3242ea437ab5a6c08d5ceb3343c78bf457d49d01

  • SHA256

    ac86c98a4e8eb00a2e85079613c12a32d664bd4d9f7c07b05541874fddf0e005

  • SHA512

    f5833154a846e4b3f671bd103c04652b2213a13724e1a1619159275854b7b6373fd3b990f5dd2210d4bb344452bcf6f2fbb6d41adf591fe6f0ea3e0b6634f288

  • SSDEEP

    98304:9B2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:OcUG4raKu24YY7HVT4hV0AD6QgqKRgX

Score
10/10
vanillaratagilenetevasionratthemidatrojan

Malware Config

Targets

    • Target

      110852b8629477f0483bdcd381aae7a7

    • Size

      7.1MB

    • MD5

      110852b8629477f0483bdcd381aae7a7

    • SHA1

      3242ea437ab5a6c08d5ceb3343c78bf457d49d01

    • SHA256

      ac86c98a4e8eb00a2e85079613c12a32d664bd4d9f7c07b05541874fddf0e005

    • SHA512

      f5833154a846e4b3f671bd103c04652b2213a13724e1a1619159275854b7b6373fd3b990f5dd2210d4bb344452bcf6f2fbb6d41adf591fe6f0ea3e0b6634f288

    • SSDEEP

      98304:9B2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:OcUG4raKu24YY7HVT4hV0AD6QgqKRgX

    Score
    10/10
    vanillaratagilenetevasionratthemidatrojan

    • VanillaRat

      VanillaRat is an advanced remote administration tool coded in C#.

      ratvanillarat

    • Detects executables packed with Agile.NET / CliSecure

    • Detects executables packed with Themida

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Vanilla Rat payload

      rat

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks