Analysis
- max time kernel: 24s
- max time network: 19s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 01-05-2024 00:51
Behavioral tasks (each sample was run on resource win10-20240404-en):
- behavioral1: hacked client (rats) LMAO/Hermotet.exe
- behavioral2: hacked client (rats) LMAO/Itami.exe
- behavioral3: hacked client (rats) LMAO/Lithium-Lite.exe
- behavioral4: hacked client (rats) LMAO/axentav2.exe
- behavioral5: hacked client (rats) LMAO/ectasy.exe
- behavioral6: hacked client (rats) LMAO/epic.exe
- behavioral7: hacked client (rats) LMAO/icetea.exe
- behavioral8: hacked client (rats) LMAO/koid.exe
- behavioral9: hacked client (rats) LMAO/krypton.exe
- behavioral10: hacked client (rats) LMAO/kura.exe
- behavioral11: hacked client (rats) LMAO/vega.exe
- behavioral12: hacked client (rats) LMAO/zoomin.exe
General
- Target: hacked client (rats) LMAO/ectasy.exe
- Size: 66KB
- MD5: de3594a88b85041ec31efcf0735b1906
- SHA1: a8751a4a7fdf31dc82162a35e906644652d37c4a
- SHA256: 7bef6dcd145cb672fded1ae019319cc13441552de9d48e35975d771bbd531124
- SHA512: 1b41d72aa942aa607ec04eca67f56f76f9a65407c258f66d2dd4fb812bc5d1211c5578c251360088a266ff4b62aa7aae3c394d48fd60a5e57f795e6913ec292b
- SSDEEP: 1536:SQjspDSF7IyR5ukwL3qJgkkkSkkkkkkekNkkkkkkkkkLc/cicWbjS1jDEOKcl:jjMS/5G+gkkkSkkkkkkekNkkkkkkkkk3
Malware Config
Signatures
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
- Suspicious behavior: EnumeratesProcesses (5 IoCs)
  Processes (pid, process): 3104 ectasy.exe, recorded 5 times
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes (description, pid, process): Token: SeDebugPrivilege, 3104, ectasy.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes (pid, process): 3104 ectasy.exe
Downloads
- memory/3104-0-0x0000021B4CC00000-0x0000021B4CC14000-memory.dmp (Filesize: 80KB)
- memory/3104-1-0x00007FFEBBF70000-0x00007FFEBC95C000-memory.dmp (Filesize: 9.9MB)
- memory/3104-2-0x0000021B671A0000-0x0000021B671B0000-memory.dmp (Filesize: 64KB)
- memory/3104-3-0x0000021B671A0000-0x0000021B671B0000-memory.dmp (Filesize: 64KB)
- memory/3104-4-0x00007FFEBBF70000-0x00007FFEBC95C000-memory.dmp (Filesize: 9.9MB)
- memory/3104-5-0x0000021B671A0000-0x0000021B671B0000-memory.dmp (Filesize: 64KB)
- memory/3104-6-0x0000021B671A0000-0x0000021B671B0000-memory.dmp (Filesize: 64KB)