milleniumrat | 11e21fbd77f65c83f97c0c2b38c8cd394d5c96fe780188e5c94d400346b49798 | Triage

Resubmissions

01-03-2024 15:41

240301-s46jpahe82 10

20-02-2024 02:32

240220-c1ct7sab38 10

Sharing

General

Target

731812403191b60503e017d88e23b1a3.bin
Size

4.1MB
Sample

240301-s46jpahe82
MD5

d6e56a3c2d00e5dfd16ccad8542fa739
SHA1

90f3f7b2b44c8f837feb38b5cb14e3fa811f9ba0
SHA256

11e21fbd77f65c83f97c0c2b38c8cd394d5c96fe780188e5c94d400346b49798
SHA512

bedc520c39e7c14e91cd44add774a639a023f9cd0256ed4ec67ecb6f57a9d33c53adb54f390784744f8aba8ee19a419a251ab0215778009e0408084f92a04481
SSDEEP

98304:sAEvotORkSAwEwcgM1HmA5cUkU3nNkH5X5laFhT6Qp5amR28rfJk:Xb2Ackq5XDy6I5TFk

Score

10^/10

milleniumrat persistence rat stealer

Malware Config

Targets

- Target
  
  db874ae685d2bc4235b1213ec9d43d327c8d2bd12300bb0d78c9ce0a84c828b2.exe
- Size
  
  5.6MB
- MD5
  
  731812403191b60503e017d88e23b1a3
- SHA1
  
  67e1c24ded75620181916dea9654eeddf4049525
- SHA256
  
  db874ae685d2bc4235b1213ec9d43d327c8d2bd12300bb0d78c9ce0a84c828b2
- SHA512
  
  1ae78e7d5e134d56ebbe9ec3e71bd7529aedbe5670a93b7728eca0aa482ac6688187884c5a61c2c8ef308acda555152d4d5cd2938d1cfa57303a8649803f01d5
- SSDEEP
  
  98304:nsl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6UcR6m:nPOuK6mn9NzgMoYkSIvUcwti7TQlvciK
Score

10^/10

milleniumrat persistence rat stealer
- MilleniumRat
  MilleniumRat is a remote access trojan written in C#.
  rat stealer milleniumrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

milleniumratpersistenceratstealer

behavioral2

milleniumratpersistenceratstealer

behavioral3

milleniumratpersistenceratstealer

behavioral4

milleniumratpersistenceratstealer