General

  • Target

    newRat!.zip

  • Size

    6.1MB

  • MD5

    8b2c6211108eec351f46261c0ca542e8

  • SHA1

    a199f2f449df4db7720c197ce838b96ca6e6fec5

  • SHA256

    dbc90b0aaa6eca3164acb96a1c2dbe1e82b4b0d9cafc7eb13b4c22a5be1ed1c1

  • SHA512

    188400ff8c38bc49bc5c51bbfe6c872ba779924515b7756aff19c4e985d54f34716521355ef5bbe404df9023baf4efb0cb44f7c28a6c5bea7a361c1dd8e6feee

  • SSDEEP

    98304:ptmYXpzG5sMtfQQJ5A9WjCde31u/7d0+3b1GWblaSz1lU3m4j6LCEllr6a1/HJW/:pX9GjQQJ5A5w3c/p0+FlU392CO5q/

Score
3/10

Malware Config

Signatures

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • newRat!.zip
    .zip
  • exe.win32-3.12/cacert.pem
  • exe.win32-3.12/frozen_application_license.txt
  • exe.win32-3.12/lib/_bz2.pyd
    .dll windows:6 windows x86 arch:x86

    26a54a03352b5d14f60a875cad05d331



  • exe.win32-3.12/lib/_decimal.pyd
    .dll windows:6 windows x86 arch:x86

    bc4a3e2ea3b13c6190e443b9e5df7e78



  • exe.win32-3.12/lib/_hashlib.pyd
    .dll windows:6 windows x86 arch:x86

    32617695b2e0b8c43b93c75b043b84f5



  • exe.win32-3.12/lib/_lzma.pyd
    .dll windows:6 windows x86 arch:x86

    8d42c439389c5df6a73e16e4d5da4aea



  • exe.win32-3.12/lib/_socket.pyd
    .dll .js windows:6 windows x86 arch:x86 polyglot

    c16f9db67d5e504f6ed928d03eed3e95



  • exe.win32-3.12/lib/collections/__init__.pyc
  • exe.win32-3.12/lib/collections/abc.pyc
  • exe.win32-3.12/lib/email/__init__.pyc
  • exe.win32-3.12/lib/email/_encoded_words.pyc
  • exe.win32-3.12/lib/email/_header_value_parser.pyc
  • exe.win32-3.12/lib/email/_parseaddr.pyc
  • exe.win32-3.12/lib/email/_policybase.pyc
  • exe.win32-3.12/lib/email/architecture.rst
  • exe.win32-3.12/lib/email/base64mime.pyc
  • exe.win32-3.12/lib/email/charset.pyc
  • exe.win32-3.12/lib/email/contentmanager.pyc
  • exe.win32-3.12/lib/email/encoders.pyc
  • exe.win32-3.12/lib/email/errors.pyc
  • exe.win32-3.12/lib/email/feedparser.pyc
  • exe.win32-3.12/lib/email/generator.pyc
  • exe.win32-3.12/lib/email/header.pyc
  • exe.win32-3.12/lib/email/headerregistry.pyc
  • exe.win32-3.12/lib/email/iterators.pyc
  • exe.win32-3.12/lib/email/message.pyc
  • exe.win32-3.12/lib/email/parser.pyc
  • exe.win32-3.12/lib/email/policy.pyc
  • exe.win32-3.12/lib/email/quoprimime.pyc
  • exe.win32-3.12/lib/email/utils.pyc
  • exe.win32-3.12/lib/encodings/__init__.pyc
  • exe.win32-3.12/lib/encodings/aliases.pyc
  • exe.win32-3.12/lib/encodings/ascii.pyc
  • exe.win32-3.12/lib/encodings/base64_codec.pyc
  • exe.win32-3.12/lib/encodings/big5.pyc
  • exe.win32-3.12/lib/encodings/big5hkscs.pyc
  • exe.win32-3.12/lib/encodings/bz2_codec.pyc
  • exe.win32-3.12/lib/encodings/charmap.pyc
  • exe.win32-3.12/lib/encodings/cp037.pyc
  • exe.win32-3.12/lib/encodings/cp1006.pyc
  • exe.win32-3.12/lib/encodings/cp1026.pyc
  • exe.win32-3.12/lib/encodings/cp1125.pyc
  • exe.win32-3.12/lib/encodings/cp1140.pyc
  • exe.win32-3.12/lib/encodings/cp1250.pyc
  • exe.win32-3.12/lib/encodings/cp1251.pyc
  • exe.win32-3.12/lib/encodings/cp1252.pyc
  • exe.win32-3.12/lib/encodings/cp1253.pyc
  • exe.win32-3.12/lib/encodings/cp1254.pyc
  • exe.win32-3.12/lib/encodings/cp1255.pyc
  • exe.win32-3.12/lib/encodings/cp1256.pyc
  • exe.win32-3.12/lib/encodings/cp1257.pyc
  • exe.win32-3.12/lib/encodings/cp1258.pyc
  • exe.win32-3.12/lib/encodings/cp273.pyc
  • exe.win32-3.12/lib/encodings/cp424.pyc
  • exe.win32-3.12/lib/encodings/cp437.pyc
  • exe.win32-3.12/lib/encodings/cp500.pyc
  • exe.win32-3.12/lib/encodings/cp720.pyc
  • exe.win32-3.12/lib/encodings/cp737.pyc
  • exe.win32-3.12/lib/encodings/cp775.pyc
  • exe.win32-3.12/lib/encodings/cp850.pyc
  • exe.win32-3.12/lib/encodings/cp852.pyc
  • exe.win32-3.12/lib/encodings/cp855.pyc
  • exe.win32-3.12/lib/encodings/cp856.pyc
  • exe.win32-3.12/lib/encodings/cp857.pyc
  • exe.win32-3.12/lib/encodings/cp858.pyc
  • exe.win32-3.12/lib/encodings/cp860.pyc
  • exe.win32-3.12/lib/encodings/cp861.pyc
  • exe.win32-3.12/lib/encodings/cp862.pyc
  • exe.win32-3.12/lib/encodings/cp863.pyc
  • exe.win32-3.12/lib/encodings/cp864.pyc
  • exe.win32-3.12/lib/encodings/cp865.pyc
  • exe.win32-3.12/lib/encodings/cp866.pyc
  • exe.win32-3.12/lib/encodings/cp869.pyc
  • exe.win32-3.12/lib/encodings/cp874.pyc
  • exe.win32-3.12/lib/encodings/cp875.pyc
  • exe.win32-3.12/lib/encodings/cp932.pyc
  • exe.win32-3.12/lib/encodings/cp949.pyc
  • exe.win32-3.12/lib/encodings/cp950.pyc
  • exe.win32-3.12/lib/encodings/euc_jis_2004.pyc
  • exe.win32-3.12/lib/encodings/euc_jisx0213.pyc
  • exe.win32-3.12/lib/encodings/euc_jp.pyc
  • exe.win32-3.12/lib/encodings/euc_kr.pyc
  • exe.win32-3.12/lib/encodings/gb18030.pyc
  • exe.win32-3.12/lib/encodings/gb2312.pyc
  • exe.win32-3.12/lib/encodings/gbk.pyc
  • exe.win32-3.12/lib/encodings/hex_codec.pyc
  • exe.win32-3.12/lib/encodings/hp_roman8.pyc
  • exe.win32-3.12/lib/encodings/hz.pyc
  • exe.win32-3.12/lib/encodings/idna.pyc
  • exe.win32-3.12/lib/encodings/iso2022_jp.pyc
  • exe.win32-3.12/lib/encodings/iso2022_jp_1.pyc
  • exe.win32-3.12/lib/encodings/iso2022_jp_2.pyc
  • exe.win32-3.12/lib/encodings/iso2022_jp_2004.pyc
  • exe.win32-3.12/lib/encodings/iso2022_jp_3.pyc
  • exe.win32-3.12/lib/encodings/iso2022_jp_ext.pyc
  • exe.win32-3.12/lib/encodings/iso2022_kr.pyc
  • exe.win32-3.12/lib/encodings/iso8859_1.pyc
  • exe.win32-3.12/lib/encodings/iso8859_10.pyc
  • exe.win32-3.12/lib/encodings/iso8859_11.pyc
  • exe.win32-3.12/lib/encodings/iso8859_13.pyc
  • exe.win32-3.12/lib/encodings/iso8859_14.pyc
  • exe.win32-3.12/lib/encodings/iso8859_15.pyc
  • exe.win32-3.12/lib/encodings/iso8859_16.pyc
  • exe.win32-3.12/lib/encodings/iso8859_2.pyc
  • exe.win32-3.12/lib/encodings/iso8859_3.pyc
  • exe.win32-3.12/lib/encodings/iso8859_4.pyc
  • exe.win32-3.12/lib/encodings/iso8859_5.pyc
  • exe.win32-3.12/lib/encodings/iso8859_6.pyc
  • exe.win32-3.12/lib/encodings/iso8859_7.pyc
  • exe.win32-3.12/lib/encodings/iso8859_8.pyc
  • exe.win32-3.12/lib/encodings/iso8859_9.pyc
  • exe.win32-3.12/lib/encodings/johab.pyc
  • exe.win32-3.12/lib/encodings/koi8_r.pyc
  • exe.win32-3.12/lib/encodings/koi8_t.pyc
  • exe.win32-3.12/lib/encodings/koi8_u.pyc
  • exe.win32-3.12/lib/encodings/kz1048.pyc
  • exe.win32-3.12/lib/encodings/latin_1.pyc
  • exe.win32-3.12/lib/encodings/mac_arabic.pyc
  • exe.win32-3.12/lib/encodings/mac_croatian.pyc
  • exe.win32-3.12/lib/encodings/mac_cyrillic.pyc
  • exe.win32-3.12/lib/encodings/mac_farsi.pyc
  • exe.win32-3.12/lib/encodings/mac_greek.pyc
  • exe.win32-3.12/lib/encodings/mac_iceland.pyc
  • exe.win32-3.12/lib/encodings/mac_latin2.pyc
  • exe.win32-3.12/lib/encodings/mac_roman.pyc
  • exe.win32-3.12/lib/encodings/mac_romanian.pyc
  • exe.win32-3.12/lib/encodings/mac_turkish.pyc
  • exe.win32-3.12/lib/encodings/mbcs.pyc
  • exe.win32-3.12/lib/encodings/oem.pyc
  • exe.win32-3.12/lib/encodings/palmos.pyc
  • exe.win32-3.12/lib/encodings/ptcp154.pyc
  • exe.win32-3.12/lib/encodings/punycode.pyc
  • exe.win32-3.12/lib/encodings/quopri_codec.pyc
  • exe.win32-3.12/lib/encodings/raw_unicode_escape.pyc
  • exe.win32-3.12/lib/encodings/rot_13.pyc
  • exe.win32-3.12/lib/encodings/shift_jis.pyc
  • exe.win32-3.12/lib/encodings/shift_jis_2004.pyc
  • exe.win32-3.12/lib/encodings/shift_jisx0213.pyc
  • exe.win32-3.12/lib/encodings/tis_620.pyc
  • exe.win32-3.12/lib/encodings/undefined.pyc
  • exe.win32-3.12/lib/encodings/unicode_escape.pyc
  • exe.win32-3.12/lib/encodings/utf_16.pyc
  • exe.win32-3.12/lib/encodings/utf_16_be.pyc
  • exe.win32-3.12/lib/encodings/utf_16_le.pyc
  • exe.win32-3.12/lib/encodings/utf_32.pyc
  • exe.win32-3.12/lib/encodings/utf_32_be.pyc
  • exe.win32-3.12/lib/encodings/utf_32_le.pyc
  • exe.win32-3.12/lib/encodings/utf_7.pyc
  • exe.win32-3.12/lib/encodings/utf_8.pyc
  • exe.win32-3.12/lib/encodings/utf_8_sig.pyc
  • exe.win32-3.12/lib/encodings/uu_codec.pyc
  • exe.win32-3.12/lib/encodings/zlib_codec.pyc
  • exe.win32-3.12/lib/importlib/__init__.pyc
  • exe.win32-3.12/lib/importlib/_abc.pyc
  • exe.win32-3.12/lib/importlib/_bootstrap.pyc
  • exe.win32-3.12/lib/importlib/_bootstrap_external.pyc
  • exe.win32-3.12/lib/importlib/abc.pyc
  • exe.win32-3.12/lib/importlib/machinery.pyc
  • exe.win32-3.12/lib/importlib/metadata/__init__.pyc
  • exe.win32-3.12/lib/importlib/metadata/_adapters.pyc
  • exe.win32-3.12/lib/importlib/metadata/_collections.pyc
  • exe.win32-3.12/lib/importlib/metadata/_functools.pyc
  • exe.win32-3.12/lib/importlib/metadata/_itertools.pyc
  • exe.win32-3.12/lib/importlib/metadata/_meta.pyc
  • exe.win32-3.12/lib/importlib/metadata/_text.pyc
  • exe.win32-3.12/lib/importlib/readers.pyc
  • exe.win32-3.12/lib/importlib/resources/__init__.pyc
  • exe.win32-3.12/lib/importlib/resources/_adapters.pyc
  • exe.win32-3.12/lib/importlib/resources/_common.pyc
  • exe.win32-3.12/lib/importlib/resources/_itertools.pyc
  • exe.win32-3.12/lib/importlib/resources/_legacy.pyc
  • exe.win32-3.12/lib/importlib/resources/abc.pyc
  • exe.win32-3.12/lib/importlib/resources/readers.pyc
  • exe.win32-3.12/lib/importlib/resources/simple.pyc
  • exe.win32-3.12/lib/importlib/simple.pyc
  • exe.win32-3.12/lib/importlib/util.pyc
  • exe.win32-3.12/lib/libcrypto-3.dll
    .dll windows:6 windows x86 arch:x86

    7620ed6b3d7c21e576489159c6950490



  • exe.win32-3.12/lib/library.zip
    .zip
  • BUILD_CONSTANTS.pyc
  • __future__.pyc
  • __startup__.pyc
  • _collections_abc.pyc
  • _compat_pickle.pyc
  • _compression.pyc
  • _py_abc.pyc
  • _pydatetime.pyc
  • _pydecimal.pyc
  • _strptime.pyc
  • _threading_local.pyc
  • _weakrefset.pyc
  • abc.pyc
  • argparse.pyc
  • ast.pyc
  • base64.pyc
  • bisect.pyc
  • bz2.pyc
  • calendar.pyc
  • codecs.pyc
  • contextlib.pyc
  • contextvars.pyc
  • copy.pyc
  • copyreg.pyc
  • csv.pyc
  • dataclasses.pyc
  • datetime.pyc
  • decimal.pyc
  • dis.pyc
  • enum.pyc
  • fnmatch.pyc
  • fractions.pyc
  • functools.pyc
  • genericpath.pyc
  • getopt.pyc
  • gettext.pyc
  • gzip.pyc
  • hashlib.pyc
  • heapq.pyc
  • inspect.pyc
  • io.pyc
  • ipaddress.pyc
  • keyword.pyc
  • linecache.pyc
  • locale.pyc
  • lzma.pyc
  • ntpath.pyc
  • numbers.pyc
  • opcode.pyc
  • operator.pyc
  • os.pyc
  • pathlib.pyc
  • pickle.pyc
  • posixpath.pyc
  • pprint.pyc
  • py_compile.pyc
  • quopri.pyc
  • random.pyc
  • rat__init__.pyc
  • rat__main__.pyc
  • reprlib.pyc
  • selectors.pyc
  • shutil.pyc
  • signal.pyc
  • socket.pyc
  • stat.pyc
  • statistics.pyc
  • string.pyc
  • stringprep.pyc
  • struct.pyc
  • subprocess.pyc
  • tarfile.pyc
  • tempfile.pyc
  • textwrap.pyc
  • threading.pyc
  • token.pyc
  • tokenize.pyc
  • traceback.pyc
  • tracemalloc.pyc
  • types.pyc
  • typing.pyc
  • warnings.pyc
  • weakref.pyc
  • exe.win32-3.12/lib/logging/__init__.pyc
  • exe.win32-3.12/lib/re/__init__.pyc
  • exe.win32-3.12/lib/re/_casefix.pyc
  • exe.win32-3.12/lib/re/_compiler.pyc
  • exe.win32-3.12/lib/re/_constants.pyc
  • exe.win32-3.12/lib/re/_parser.pyc
  • exe.win32-3.12/lib/select.pyd
    .dll windows:6 windows x86 arch:x86

    37c319d413d161ce73d6da2ae7fa4ba6



  • exe.win32-3.12/lib/unicodedata.pyd
    .dll windows:6 windows x86 arch:x86

    61987d164cd32f461dd288c9576bc1e7



  • exe.win32-3.12/lib/urllib/__init__.pyc
  • exe.win32-3.12/lib/urllib/parse.pyc
  • exe.win32-3.12/lib/zipfile/__init__.pyc
  • exe.win32-3.12/lib/zipfile/_path/__init__.pyc
  • exe.win32-3.12/lib/zipfile/_path/glob.pyc
  • exe.win32-3.12/python3.dll
    .dll windows:6 windows x86 arch:x86



  • exe.win32-3.12/python312.dll
    .dll windows:6 windows x86 arch:x86

    b3bf09adda242a448ecaa2784d8423a5



  • exe.win32-3.12/rat.exe
    .exe windows:6 windows x86 arch:x86

    0e6036ad6fc9b3b3bfd13b3149d357d6

