Analysis
max time kernel: 14s
max time network: 22s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 01-05-2024 00:51
Behavioral tasks (Resource for every task: win10-20240404-en)
behavioral1: Sample hacked client (rats) LMAO/Hermotet.exe
behavioral2: Sample hacked client (rats) LMAO/Itami.exe
behavioral3: Sample hacked client (rats) LMAO/Lithium-Lite.exe
behavioral4: Sample hacked client (rats) LMAO/axentav2.exe
behavioral5: Sample hacked client (rats) LMAO/ectasy.exe
behavioral6: Sample hacked client (rats) LMAO/epic.exe
behavioral7: Sample hacked client (rats) LMAO/icetea.exe
behavioral8: Sample hacked client (rats) LMAO/koid.exe
behavioral9: Sample hacked client (rats) LMAO/krypton.exe
behavioral10: Sample hacked client (rats) LMAO/kura.exe
behavioral11: Sample hacked client (rats) LMAO/vega.exe
behavioral12: Sample hacked client (rats) LMAO/zoomin.exe
General
Target: hacked client (rats) LMAO/epic.exe
Size: 1.1MB
MD5: 0cf061ff391f467a683d11884d2ad520
SHA1: ed6212e71335f3707303da91c84993c149520d01
SHA256: 3ac8a1a80b1aea1542a42ac25b0b4d730cc9f3cebd9b2661686177a083e98c03
SHA512: 022e77fb62f3b5911172ef0b378b6f625fb940f475c6069c5146d179c0d426ba99a80f10fada8e5d1bdbd00c3ff3332dbf11f81469a75db29e79e71d0fe616d3
SSDEEP: 24576:Yx4er0brd7gWwDj8pL3KXypmEgMjgWBzUnD4:eArd7gNSTBYWGnD4
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (62 IoCs)
Processes: pid 2644, process epic.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes: pid 2644, process epic.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: description Token: SeDebugPrivilege, pid 2644, process epic.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
Processes: pid 2644, process epic.exe
Processes
C:\Users\Admin\AppData\Local\Temp\hacked client (rats) LMAO\epic.exe
"C:\Users\Admin\AppData\Local\Temp\hacked client (rats) LMAO\epic.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx