Overview

overview

10

Static

static

10

NiptuneRAT...AT.exe

windows7-x64

1

NiptuneRAT...AT.exe

windows10-2004-x64

10

NiptuneRAT...oG.dll

windows7-x64

1

NiptuneRAT...oG.dll

windows10-2004-x64

1

NiptuneRAT...uJ.dll

windows7-x64

1

NiptuneRAT...uJ.dll

windows10-2004-x64

1

NiptuneRAT...Pn.exe

windows7-x64

10

NiptuneRAT...Pn.exe

windows10-2004-x64

10

NiptuneRAT...io.dll

windows7-x64

1

NiptuneRAT...io.dll

windows10-2004-x64

1

NiptuneRAT...LC.dll

windows7-x64

1

NiptuneRAT...LC.dll

windows10-2004-x64

1

NiptuneRAT...wp.dll

windows7-x64

1

NiptuneRAT...wp.dll

windows10-2004-x64

1

NiptuneRAT...uZ.dll

windows7-x64

1

NiptuneRAT...uZ.dll

windows10-2004-x64

1

NiptuneRAT...WP.dll

windows7-x64

1

NiptuneRAT...WP.dll

windows10-2004-x64

1

NiptuneRAT...Hs.dll

windows7-x64

1

NiptuneRAT...Hs.dll

windows10-2004-x64

1

NiptuneRAT...TS.dll

windows7-x64

1

NiptuneRAT...TS.dll

windows10-2004-x64

1

NiptuneRAT...ry.dll

windows7-x64

1

NiptuneRAT...ry.dll

windows10-2004-x64

1

NiptuneRAT...xj.dll

windows7-x64

1

NiptuneRAT...xj.dll

windows10-2004-x64

1

NiptuneRAT...ng.dll

windows7-x64

1

NiptuneRAT...ng.dll

windows10-2004-x64

1

NiptuneRAT....3.dll

windows7-x64

1

NiptuneRAT....3.dll

windows10-2004-x64

1

NiptuneRAT...on.dll

windows7-x64

1

NiptuneRAT...on.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5602885050f75519abfe95d7501fc5b6.bin

  • Size

    29.9MB

  • Sample

    240319-b6gjxaeg5t

  • MD5

    5602885050f75519abfe95d7501fc5b6

  • SHA1

    54214aa8b1a4d5e2692594ba4dea973e740e2c55

  • SHA256

    5b054b368eda8d148383e6a64d890b885d9a0b1898493e1008ffe1a531118b6b

  • SHA512

    7077ede3acc4b774181ff0866eeb5eb2672cdf2409384b2d46b45f8e182f3fc91bb65788c25bacc8af473a3083cc6bbbd73f5d4646b6f0fe2fb3e850c5eab7b2

  • SSDEEP

    786432:IcRNogA1jwkC0OGikNuziqXkY0Ut79NhU8odVsGmtfIC884StIC0Q5k:IcRNojskhms5G0UsVoNIzxC0Qi

Score
10/10
agentteslaarrowratasyncratumbralidentifieragilenetrat

Malware Config

Extracted

Family

arrowrat

Botnet

identifier

C2

IP:PORT

Mutex

mutex

Targets

    • Target

      NiptuneRAT-main/NiptuneRAT.exe

    • Size

      25.1MB

    • MD5

      6239058e48e0ff85e5d2b986fe55e46d

    • SHA1

      53ecbc7f6d571f94cfbf6b489f0efd562caef1d4

    • SHA256

      77f38316f69bf30036180f76cf2f31d8f456021a06b1bd2d3b185a295d69fac4

    • SHA512

      1d3fb64d902a14df7ef6da783d8e19bfea599bb1e36d675b2a8607bbe9d2be7d03ec444b64834d40f75518b9995537062a8181bb502a7ac027e3f4de95ec2988

    • SSDEEP

      393216:qL/F1jgHAMamfqdgVcJubC0T8L1bEZ+7Dcby9Yd/T:qPjLMamCWVI0T8L1VHHaL

    Score
    10/10

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    behavioral1behavioral2

    • Target

      NiptuneRAT-main/Plugins/0guo3zbo66fqoG.dll

    • Size

      78KB

    • MD5

      e4ebcf76ff80ef398d3ab77d577f4c08

    • SHA1

      cb9e6b30a63d50ae87610f6855b64abfb25691d2

    • SHA256

      9661b1abc9a3e95e591c49c3838a64a066a2ff3c6de08d8aa7b541c4a75cd8e5

    • SHA512

      8f37cedd987dd14181fdfa861b8a95271868dac21aa9df80bd6daa831ae20f4b4965c8be3e36f32aa220bd37ded11a7568ae237c9c9641bb4fc087f6fe104b01

    • SSDEEP

      1536:+gqK9OLThWUkwSOykrJROOwj5vCSnVcnwwxu8NMsuS73O4VKid/:1OBX/xFwj5vCSnSwwjNH3O4xd

    Score
    1/10
    behavioral3behavioral4

    • Target

      NiptuneRAT-main/Plugins/59Zp7paEHDF7luJ.dll

    • Size

      4.0MB

    • MD5

      15e3d44d37439f3ac8574ac1c9789ec2

    • SHA1

      bb3ef30e9f4496198f412738579966210ade36e0

    • SHA256

      5db4c26057a05bb75ff7892fb60fd76620fc2228811d913d152a0aa4ec9db7a5

    • SHA512

      ff358c9896792017ff7e91f1dedffd9d75a099c5b852da19599799aeca20b6b269267ff7c12c918a2530fe1a79a12bc8796c4eb3914c97faba3eba27388abde1

    • SSDEEP

      24576:L2RBtpr5ljLyeVKbed1BeaPc9oFf/V5V4IeDHRbtg58jVh6zBRkM8eJkhjpSLZFb:L2jXr5ZtVKYzX/LV4k58M8eJkhj

    Score
    1/10
    behavioral5behavioral6

    • Target

      NiptuneRAT-main/Plugins/9Ood5SWkbwPn.AnarHs

    • Size

      138KB

    • MD5

      2cf2efcc0e1d910d2d9c933ca73055d0

    • SHA1

      3bb08f4532f80bf0cd5a36f26393ba00beadb8eb

    • SHA256

      2475c46eba856424c41cf41db71fd5d6089e8be9031b35279f051da760aa216f

    • SHA512

      e16ca929bf2c7654251b02946fa7954f89971a27750e05c502acede063a55d88df16fb297c40c7bf54e04ea173cb6c3527e65ca98ad2280543e00e9ef6fa9390

    • SSDEEP

      3072:ubvh/X2z7Bqh1v59Y08mAjs0Ltel+qOeJHlpV8b+Y/Yi:ubvhPi7BqjjYHdrqkL/

    Score
    10/10
    arrowratidentifierrat

    • ArrowRat

      Remote access tool with various capabilities first seen in late 2021.

      ratarrowrat
    behavioral7behavioral8

    • Target

      NiptuneRAT-main/Plugins/Audio.dll

    • Size

      540KB

    • MD5

      8105f5149e1fea72e27f0a1455d956bc

    • SHA1

      6722d54df38b89284c3375efda3985155e6f5b8e

    • SHA256

      9b73be7a27b5aa8cabf10c79a6e515db6b59962cad3945dada2eff57bb56bfdf

    • SHA512

      4f1aaa81263bb17aa7b495cab056fd9b18058247df874866bd9cb6247f180989a0d549ce0b4595c7a636e4d6279e92004c4f159c30e8b381a1a51b9d54a84d10

    • SSDEEP

      6144:0iwpFWBbjRTvqihWI1ElZT2J2CDt4azYPfb78+OmmN8fCgN8OQSoYCY8gQNUyFJU:LkFWBxTvTWzlZSYXbg6TSJUYTPzeVzn

    Score
    1/10
    behavioral10behavioral9

    • Target

      NiptuneRAT-main/Plugins/EVa7gBMKoaHmLC.dll

    • Size

      170KB

    • MD5

      64a3d908b8a5feff2bccfc67f3a67dbd

    • SHA1

      a17d7e5fa57c99a067cac459cb507b625dac254e

    • SHA256

      6ea1ae7ab496666c0117fc20e704bfb6104b13cfb0408073a09689f863fa64b1

    • SHA512

      66374d720230799bea6ac6cfe3faadc37fd775a49d40c04facae1caf1ec658956bbda54ba75287d7128b19b97971bd933a64469da8e0884225c5a8d8b9423ccc

    • SSDEEP

      3072:/bFHKx2Vpgdk6BCNs19kPVoPsb7oR4ZkvEfxMxf4t8BkVb0Uc:/TVpgdkpNs19I6Pe7oR4ZAEfx+LiVb

    Score
    1/10
    behavioral11behavioral12

    • Target

      NiptuneRAT-main/Plugins/FBSyChwp.dll

    • Size

      170KB

    • MD5

      0d41ccfaa8e7ef96248b8270d1a44d08

    • SHA1

      6ee22bdb91d3a18e0b45b6590eb69bc9a0b02326

    • SHA256

      0ea38d0d964815e2b84748a78bd5a829ae01586478e5f17b976f1ae763c8dec3

    • SHA512

      a0f236f6dbeb1763fb1c198616de65b907a3a5edf7ed9435c2ad0b5826d84e9d2f25e96aba4e8b681ef495612cf0e04e929427a92d332164ace89e797bcb0e0e

    • SSDEEP

      3072:OXwOuoHBhyYr+x5IA+1gUtaEKJ8px4e1hkamm9RyxLeN/dIfMU+:awOuYr05T+KUtaEKJ8px4e1RmqRydeNd

    Score
    1/10
    behavioral13behavioral14

    • Target

      NiptuneRAT-main/Plugins/G3nl0mDcABnDuZ.dll

    • Size

      177KB

    • MD5

      97b8bec4c47286e333cc2bedacf7338e

    • SHA1

      764bbd0307924b71ca89538b42996208d10c9b91

    • SHA256

      060d467cbeb0a58696287c052f3dd9b3597331b1c812e3e2882d6c232f8511de

    • SHA512

      a40970622a594533349e75fc2022314ba21f05fc82709d6eaba82f4a2bc343c960029ad2825cfc034ce82622722127d149993bff88982f02d6dd6b5b1fb60fbf

    • SSDEEP

      3072:EaEk8xLhWuo2alMFVxzPUBvRNHosrO0/1gRR0foQPssGeWSz89:EaEk8PRo2al0DzPUxvHtrN1gROffPfGl

    Score
    1/10
    behavioral15behavioral16

    • Target

      NiptuneRAT-main/Plugins/K8oCBS3ThnW0WP.dll

    • Size

      373KB

    • MD5

      1681e0f3311751361030ff30a957a1ed

    • SHA1

      8f3b55e130af507549817fda37474a1391e6b8f2

    • SHA256

      234724f14dbb999853aeb872d7e6c3ed0b3de5b105009b5c66131a2af8d0dbb4

    • SHA512

      60690b2c1e2816a640f5763f9c20de9a39cb9735ea4a3f0bf4f477d3e184f8791e556313a7523c70ed2fb9182d520842bce70057cedd5cb89b923fd6f9067dd1

    • SSDEEP

      6144:qPcVUKQh7PTlFOEPDDeXmCIW89SQsgy/mVHeiOA7+Yi4kZd:qEVoVn2Xa9Say+b+Yi4kr

    Score
    1/10
    behavioral17behavioral18

    • Target

      NiptuneRAT-main/Plugins/KNTmoSnG.AnarHs.dll

    • Size

      373KB

    • MD5

      1681e0f3311751361030ff30a957a1ed

    • SHA1

      8f3b55e130af507549817fda37474a1391e6b8f2

    • SHA256

      234724f14dbb999853aeb872d7e6c3ed0b3de5b105009b5c66131a2af8d0dbb4

    • SHA512

      60690b2c1e2816a640f5763f9c20de9a39cb9735ea4a3f0bf4f477d3e184f8791e556313a7523c70ed2fb9182d520842bce70057cedd5cb89b923fd6f9067dd1

    • SSDEEP

      6144:qPcVUKQh7PTlFOEPDDeXmCIW89SQsgy/mVHeiOA7+Yi4kZd:qEVoVn2Xa9Say+b+Yi4kr

    Score
    1/10
    behavioral19behavioral20

    • Target

      NiptuneRAT-main/Plugins/PK0TcnqTGFagQTS.dll

    • Size

      174KB

    • MD5

      fa90a2aee0d172000257c4faca31237c

    • SHA1

      b317281b4acaaf1d7b7255c5e92887322abae892

    • SHA256

      991fc53fa1aa7b5cd0b6e19dab536873d68e4413fd55b533601a3a2582d38a49

    • SHA512

      b05c0b52e011089258ad31dd23a1f8a0cc8145b202e42e2a9d4fdf892c12d4a7b5843cc7721041295ab796e8bc98747b9e321c4e54bfd1a7c9a02dd2796fc405

    • SSDEEP

      3072:Z60dHpQssTFrcpvZFlOJA3YCVbbME5f8YpIVbltkksqBRbRw:xPsZcpvZFlOJA3VVbbME5f7pIVbTkkZJ

    Score
    1/10
    behavioral21behavioral22

    • Target

      NiptuneRAT-main/Plugins/Recovery.dll

    • Size

      309KB

    • MD5

      08131d6801c109f0764a4fe690aba8ef

    • SHA1

      e732af02326483700eda52ff40dc70cff6b7afcb

    • SHA256

      bc3a9390c043f8002e356ad34b2b11d3486682d0c275ab6729bb4a312e324f51

    • SHA512

      228ab0aa0ddfdb0c099f1db5112304d776cb97ab2dab376d38023e446cb2aec30d9585eba444818f3241ffbc28565a1aef11f97b5b42bf57037de8e4a8536e2a

    • SSDEEP

      6144:sb8xPy7+NKMDMAlcn38OxKl9x7qs9Pxcm0AUNy9rsxLaxHUX:sbBMDMVqfBdcmDBuX

    Score
    1/10
    behavioral23behavioral24

    • Target

      NiptuneRAT-main/Plugins/RssCnLKcGRxj.dll

    • Size

      181KB

    • MD5

      f6808c4fbbe0275db03b2cc5b4c2bc0d

    • SHA1

      e40b61c64c68f72fc5144f5057d54229babdecf8

    • SHA256

      e204d15f0e7269d364157aaab265a5dfbe7e76c9f6202bf90998f0edd77ca248

    • SHA512

      f077c49f6943d0e40799b3b42d1e11f50dabca48305c36ef2acd3258c990e0e0f982fbb0c27b1243aa15d2ed7b398b70f07dddc9ba76ff032ba74a24c8e08fb4

    • SSDEEP

      3072:P1F3B6k7/u/cVnvqtXEIGyv5LBPcwk4V9KIgBH/cNw5/UzUYNv:P1F0kDu/+WX8yhLBPcwk4SIgBH/Yw58P

    Score
    1/10
    behavioral25behavioral26

    • Target

      NiptuneRAT-main/Plugins/Tools/Bunifu.Licensing.dll

    • Size

      1.3MB

    • MD5

      2b2740e0c34a46de31cf9da8a75d77cf

    • SHA1

      242324f1112e6387cda41686291b6e9a415eeb8c

    • SHA256

      a9be91cae167702885a5ca74273db779e3e391e2e604cc03779ed403c53ebe43

    • SHA512

      605eb300b159e6ed2ee872b6ee378eed7dde6541000221fcd94d52057be91cb3c7dd65c7203f05e0718303b157b6fb941498b5e653501f97f0417d459da6bc40

    • SSDEEP

      24576:ebkurkdR5uuMeiPUf2lHmdpjrcbYdwcqMw5LTvBrq/WGs1xGUfGUCco:a1roD9MeiUDDjrW4bqD5LDBrqWG0GUfX

    Score
    1/10
    behavioral27behavioral28

    • Target

      NiptuneRAT-main/Plugins/Tools/Bunifu.UI.WinForms.1.5.3.dll

    • Size

      342KB

    • MD5

      41c216d27c71a227774e680e95e99f31

    • SHA1

      0a2a93d4ecbf4bbec2faf110066c6b4472b0dbf5

    • SHA256

      012d717b4ac00c3686a772757f49c1908e223624e3974314cdb9fc9291073305

    • SHA512

      e355ba11e41b668e4459f709e87c3e212c8986ea894791d9155791ea9d7315372fb51531eb69204ed2ee38e242de7629e4a2f090c05bf9deeea9ea965ffaf651

    • SSDEEP

      6144:3e5XJsDZGUbIf5kqw23B1Q8g2iYcHIc6uWXMIFidNw:qMZGUbIf5T37Q8ncHNAMhNw

    Score
    1/10
    behavioral29behavioral30

    • Target

      NiptuneRAT-main/Plugins/Tools/Bunifu.UI.WinForms.BunifuButton.dll

    • Size

      107KB

    • MD5

      21f999e5ac72a16077511d41590822de

    • SHA1

      d8bb1a8a291f73cdf2b5658b2b65736c87db19dd

    • SHA256

      2a62c78f1f0db2e3258135b50f7885e6734c31c74a8f2f5782f285aa268c2f71

    • SHA512

      e04fe31870f266d772829053a6bb210a9513ff5c8c0f9a3a267ddbe1875125496caa602baf44a4e241ef84d933bd55b79af43d5871ed10c81711adecee78b8e3

    • SSDEEP

      3072:tgiMibnDED3/7f2ih0xdGzFpzUHgmCFKHUUZP0tTwmnkyY:xDDED3/7f2ih0xdGzFpzUHgmCFKHvF0e

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

identifieragilenetratarrowratagentteslaumbralasyncrat
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
10/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

arrowratidentifierrat
Score
10/10

behavioral8

arrowratidentifierrat
Score
10/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10