Resubmissions

24-06-2024 19:09

240624-xt97ca1fjr 7

04-04-2024 11:02

240404-m468bsda8x 10

General

  • Target

    888RAT 1.1.1 cracked.exe

  • Size

    38.4MB

  • Sample

    240404-m468bsda8x

  • MD5

    554cd80e1b5fc6c7d296b23e4b400664

  • SHA1

    550d2da6068683ae545c3ca8910ec37671764fad

  • SHA256

    1b6148c640e0d63bfd74b9df003b3214dacf2aa678a7fce1075c25cf033e0e5c

  • SHA512

    7b3dd3ea1e85dbc66d299ff31891127a5fe8995ac7cc0741896a0593c439677f3734f0b5f925353fe5b1773f24344b1f8c274d4c7eab158566444fd110a4714c

  • SSDEEP

    786432:x/gwpv29voFFcTLKy1kwql+9l2+OZuhQZUmvhSawvb+GlfR/s:qq2aFWTLK8x9kxZbd4awj+GR/s

Malware Config

Targets

    • 888RAT

      888RAT is an Android remote administration tool.

    • Android 888 RAT payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer (versions 1.3x to 1.4x).

    • Checks computer location settings

      Reads the country code configured in the registry; this is most likely a geofence check, so the sample may behave differently in some regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified UPX build.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.
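
The "UPX packed file" signature above is a static check, and the "modified UPX" wording matters: stock UPX leaves recognisable section names (UPX0, UPX1), but a modified build renames them, so a robust check falls back to the entropy of the raw section data. The following Python is added here as a worked example; it is not the sandbox's own rule set and not code from 888RAT. The entropy threshold (7.0 bits/byte) and the minimal in-memory PE images are assumptions constructed for the example, not taken from the 38.4 MB sample.

```python
import math
import random
import struct

# Section names the stock UPX stub emits (the "UPX!" tag is also a marker).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
# Assumed threshold: compressed or encrypted data sits close to 8 bits/byte.
HIGH_ENTROPY = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(pe: bytes):
    """Walk the section table; yield (name, raw_size, entropy_of_raw_data)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    for i in range(num_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        data = pe[raw_ptr:raw_ptr + raw_size]
        yield name.rstrip(b"\0"), raw_size, shannon_entropy(data)


def upx_verdict(pe: bytes) -> dict:
    """'upx' if stock UPX section names are present; 'packed-unknown' if the
    names are gone but a section still carries high-entropy data (what a
    modified UPX with renamed sections looks like); otherwise 'unpacked'."""
    sections = list(pe_sections(pe))
    names = {s[0] for s in sections}
    dense = [s[0] for s in sections if s[1] > 0 and s[2] >= HIGH_ENTROPY]
    if names & UPX_SECTION_NAMES:
        verdict = "upx"
    elif dense:
        verdict = "packed-unknown"
    else:
        verdict = "unpacked"
    return {"verdict": verdict, "sections": sorted(names), "high_entropy": dense}


def build_pe(section_specs) -> bytes:
    """Assemble a minimal PE image from [(name, raw_bytes), ...] for testing.
    Only the fields the parser reads are populated; the rest are zero."""
    opt_size = 0xF0
    header_len = 0x40 + 4 + 20 + opt_size + 40 * len(section_specs)
    data_start = (header_len + 0x1FF) // 0x200 * 0x200  # 512-byte file alignment
    hdr = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))  # e_lfanew = 0x40
    hdr += b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x102)
    hdr += b"\0" * opt_size
    body, ptr = bytearray(), data_start
    for name, raw in section_specs:
        hdr += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), 0,
                           len(raw), ptr if raw else 0, 0, 0, 0, 0, 0xE0000020)
        body += raw
        ptr += len(raw)
    return bytes(hdr) + b"\0" * (data_start - len(hdr)) + bytes(body)


# Constructed samples: stock UPX layout, a renamed-section variant, and a plain binary.
_compressed = random.Random(888).randbytes(4096)   # stand-in for compressed code
_plain_code = bytes(range(64)) * 64                # low-entropy stand-in for code (6.0 bits/byte)
STOCK_UPX = build_pe([(b"UPX0", b""), (b"UPX1", _compressed), (b".rsrc", _plain_code)])
RENAMED_UPX = build_pe([(b".text", b""), (b".data", _compressed), (b".rsrc", _plain_code)])
PLAIN_PE = build_pe([(b".text", _plain_code), (b".rdata", b"Hello, world\0" * 300)])

if __name__ == "__main__":
    for label, image in [("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("plain", PLAIN_PE)]:
        print(label, upx_verdict(image))
```

To run it against a real file, pass `open(path, "rb").read()` to `upx_verdict`. The name check is cheap but trivially evaded; the entropy fallback catches renamed sections but will also flag legitimately compressed resources, which is why a sandbox reports it as a packer indicator rather than a malware verdict.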

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • Modify Registry (T1112): 1 signature

Discovery

  • Query Registry (T1012): 1 signature

  • System Information Discovery (T1082): 2 signatures
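
The behaviours listed under Targets are dynamic signatures: each one is a condition over the sandbox's event log (registry access, file writes, process creation, image loads, HTTP requests), and the matrix above is the count of signatures per ATT&CK technique. The Python below is an added example of how such signatures are evaluated; it is not the sandbox's own engine and not code from 888RAT. The event format, the registry values used for the location check, the list of IP-lookup hosts, and the signature-to-technique mapping are all assumptions made for the example, and the event log is constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Registry values that hold the configured country; assumed to be what the
# "Checks computer location settings" signature keys on (geofencing malware
# reads these to bail out in its home region).
GEO_VALUES = (r"\control panel\international\geo\nation",
              r"\control panel\international\geo\name")
# Legitimate external-IP services (assumed list, not taken from the report).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "checkip.dyndns.org",
                   "ipinfo.io", "icanhazip.com"}


@dataclass
class Event:
    pid: int
    kind: str            # reg_read | reg_write | file_write | process_create | image_load | http
    target: str          # registry path, file path, or URL
    child_pid: int = 0   # only for process_create


@dataclass
class Match:
    name: str
    technique: Optional[str]       # ATT&CK ID (assumed mapping; None = not mapped)
    evidence: List[str] = field(default_factory=list)


def run_signatures(events: List[Event], sample_pid: int) -> List[Match]:
    """One pass over the log: follow the sample's process tree, remember the
    files it wrote, and fire a signature the first time its condition holds."""
    tree = {sample_pid}
    dropped = set()
    hits: Dict[str, Match] = {}

    def hit(name: str, technique: Optional[str], evidence: str) -> None:
        hits.setdefault(name, Match(name, technique)).evidence.append(evidence)

    for ev in events:
        if ev.pid not in tree:          # activity of unrelated processes is noise
            continue
        t = ev.target.lower()
        if ev.kind == "reg_read":
            hit("Query Registry", "T1012", ev.target)
            if any(t.endswith(v) for v in GEO_VALUES):
                hit("Checks computer location settings", "T1082", ev.target)
        elif ev.kind == "reg_write":
            hit("Modify Registry", "T1112", ev.target)
        elif ev.kind == "file_write":
            dropped.add(t)
        elif ev.kind == "process_create":
            tree.add(ev.child_pid)
            if t in dropped:
                hit("Executes dropped EXE", None, ev.target)
        elif ev.kind == "image_load":
            if t in dropped:
                hit("Loads dropped DLL", None, ev.target)
        elif ev.kind == "http":
            host = urlsplit(ev.target).hostname or ""
            if host in IP_LOOKUP_HOSTS:
                # Mapped to T1082 here to mirror the matrix above (assumption).
                hit("Looks up external IP address via web service", "T1082", host)
    return list(hits.values())


def attack_summary(matches: List[Match]) -> Dict[str, int]:
    """Signature count per technique, the figure the matrix above shows."""
    counts: Dict[str, int] = {}
    for m in matches:
        if m.technique:
            counts[m.technique] = counts.get(m.technique, 0) + 1
    return counts


# Constructed sandbox log, not taken from the report; pid 999 is an unrelated process.
SAMPLE_PID = 1234
SAMPLE_EVENTS = [
    Event(1234, "reg_read", r"HKCU\Control Panel\International\Geo\Nation"),
    Event(1234, "reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable"),
    Event(1234, "file_write", r"C:\Users\Public\update.exe"),
    Event(1234, "file_write", r"C:\Users\Public\helper.dll"),
    Event(1234, "process_create", r"C:\Users\Public\update.exe", child_pid=2345),
    Event(2345, "image_load", r"C:\Users\Public\helper.dll"),
    Event(2345, "http", "http://api.ipify.org/"),
    Event(999, "reg_read", r"HKCU\Control Panel\International\Geo\Nation"),
]

if __name__ == "__main__":
    matches = run_signatures(SAMPLE_EVENTS, SAMPLE_PID)
    for m in matches:
        print(f"{m.name} [{m.technique}] <- {m.evidence}")
    print(attack_summary(matches))
```

Two design points worth keeping when writing real signatures: scope every rule to the sample's process tree (the pid 999 read above must not count), and make "dropped" a property of the file path recorded at write time, so that "Executes dropped EXE" and "Loads dropped DLL" fire only for files the sample itself created, not for any unsigned binary on the host.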

Tasks