General
-
Target
SecuriteInfo.com.BackDoor.Rat.281.18292.12946
-
Size
1.4MB
-
Sample
240414-rxnjvscb5x
-
MD5
793707365df26450bc8642f518a540f0
-
SHA1
66649127ad784288c393992971a197c10f86a8eb
-
SHA256
7131d78da58eb6b54db8466e0c09d7173da6f05c5615841a73dc6a032648a217
-
SHA512
550374f2b3963e99bbfa445236e2921d288e67e00b4425a3bfedba0b72bd2fe6027af484c8f7e143471e16738dd9f129c91e467e157e29a911f1ad44d2775695
-
SSDEEP
24576:8Ec46GnhPe4h/N5m8loOoYJ/HRz1IgRizQJYiEH0YSXHZTNbf86:8EBQ2xrVEcXfbf86
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.BackDoor.Rat.281.18292.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.BackDoor.Rat.281.18292.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
SecuriteInfo.com.BackDoor.Rat.281.18292.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.BackDoor.Rat.281.18292.12946
-
Size
1.4MB
-
MD5
793707365df26450bc8642f518a540f0
-
SHA1
66649127ad784288c393992971a197c10f86a8eb
-
SHA256
7131d78da58eb6b54db8466e0c09d7173da6f05c5615841a73dc6a032648a217
-
SHA512
550374f2b3963e99bbfa445236e2921d288e67e00b4425a3bfedba0b72bd2fe6027af484c8f7e143471e16738dd9f129c91e467e157e29a911f1ad44d2775695
-
SSDEEP
24576:8Ec46GnhPe4h/N5m8loOoYJ/HRz1IgRizQJYiEH0YSXHZTNbf86:8EBQ2xrVEcXfbf86
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-