General
Target: smartrat.txt
Size: 85.2MB
Sample: 240302-tj9ahseg4t
MD5: 67546c958d28f69491ae5e0fb9a7ee11
SHA1: 12f7746b48a3de3a57bce6e8954c84d0c5a697d5
SHA256: fa11472f6a5ca85ea2d58b1160166b3e1f4e453b38d98a57b3abf0e75025055c
SHA512: 2a2e390564ba80f41c8c768a5a76e8f2d882582669e6e5014cb1b7c3815e6b59d85d65d9e7785547dfad3b67b5665e5853d67724f23ce8186fbb7cdda5b6c311
SSDEEP: 1572864:NUXPU1e4iamkhLDyPl4QiZOznqf3Gd6xdnj+Y/5szJfE78PZNl8WKZwSBE/o6F:NUX4e4iadhLDy943Eznyo6V/8V7l8IAU
Behavioral task
behavioral1
Sample: smartrat.exe
Resource: win11-20240221-en
Malware Config
Targets
Score: 10/10
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Boot or Logon Autostart Execution: 1
Winlogon Helper DLL: 1