888rat

General

Target

888(life activitied).zip
Size

85.0MB
Sample

240428-zz3esshc34
MD5

a2a01ffb986f3e8a815b12e9f5e97417
SHA1

46f6c589e1234d11f5d2d59e4267dbb6466cf846
SHA256

919b8906dc891e3dec2883b47a3cacbdc304482e2efa1edb44c4a2d641e8e302
SHA512

31580d9631066487b7cf3d8d88cf0491ff4acff5c83efdee36cdc4390a4f2eef1209ef10438a7b10a506113563912ca53849973d7d7b47c02c2db4c22584a5bf
SSDEEP

1572864:zYCWF5RLQqPD05Fq/2t2j0TpqbHF7TS6LQz/DIRVxLtCqHm++FTHlemi:zY5RLQqqYetQtTS6LQovxLtQ71i

Score

10^/10

Malware Config

Targets

- Target
  
  888-RAT [Lifetime Activated]/888-RAT [Lifetime Activated].exe
- Size
  
  2.2MB
- MD5
  
  a4680e5a5f84ca01a426659d60cf83fb
- SHA1
  
  30442fa61f339bba3b60de3938d44681ec49a14c
- SHA256
  
  d9974f05d2e0b76f4d8515329473edf6d574a9b9b67361b7b9ab5eaf4bc54932
- SHA512
  
  446852177a6b1cdf9e1c16da6e11a07f34de01688917539eb054f5d43b954486fb30897cbd483d9f1c687e92d8ef14ae733dd8c35f6dabab44fb3a9682f54bca
- SSDEEP
  
  49152:PdYJMfC7koydmRzCxWO8e89khof23mnijV6WvFw3BAz2tIm0U3Nlf:Oc3vdUEWFvSfdw3rtImTf
Score

10^/10

888rat infostealer persistence rat spyware stealer trojan upx
- 888RAT
  888RAT is an Android remote administration tool.
  trojan infostealer rat 888rat
- Android 888 RAT payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1
- Target
  
  888-RAT [Lifetime Activated]/data/command-reciever.dat
- Size
  
  79.2MB
- MD5
  
  e9aa901042053b06723f6e14f95fe3c6
- SHA1
  
  f7653cb6fc7c6dd17900abdc7a4307570aca50d6
- SHA256
  
  f4023630eddd4ee944149279d641604764e442592d98b9720874c69e02d84fb5
- SHA512
  
  272410435e51a59856cd9dcf7bfba852a9d7055a71fff00491ad45eab9025799a97bebfcdcaab787b17c35263edb9e0b36df63cbcf190969092c2f355406a313
- SSDEEP
  
  1572864:9+geRT13w3TbMlFaT9re/8v1qrqxXlUcFY3rT4FDfhPMETIuCNBrO:9+r13wmgJr0YlUcFYglfhPYS
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral2
- Target
  
  888-RAT [Lifetime Activated]/data/user-interface.dat
- Size
  
  5.6MB
- MD5
  
  b8703418e6c3d1ccd83b8d178ab9f4c9
- SHA1
  
  6fb0e1e0ee5bc745f52a1c29e3cf4b88a2298dd6
- SHA256
  
  d6e9972976881d3dad7ac2a0c66cd7dd81420908aae8b00195a02fdf756cfc5e
- SHA512
  
  75ff6e911691e3d0d32c25d4b6d275a2b6157dae418ce5507f3e3f1b321c3f0dee516b7db0fd6588860019a19862f43c5335c465829de7a418a71999b71cfc3f
- SSDEEP
  
  98304:sbl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6Ucf:s6OuK6mn9NzgMoYkSIvUcwti7TQlvciA
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3