asyncrat | 4eeb5d8830e378c5c351d8ea1f8b370364e6ab530573e1f609d8d459e3f23b1a

Sharing

General

Target

Rats-Pack-V-9-By-Arsium-Vol-3.zip
Size

422.8MB
Sample

240516-xkr96sbb6s
MD5

8edd20e39cbede9e88f07984858b790e
SHA1

0f1d0e13eea5645b022d52a8a0c893e111f870e9
SHA256

4eeb5d8830e378c5c351d8ea1f8b370364e6ab530573e1f609d8d459e3f23b1a
SHA512

ad3403663d130865124e3ae7850e5582f88a3d1b7ffd0fa235eb2ad356def5a0ab8f760f6fa9ac3f19bdf4f576bdcfc39cd1b9822264fc8cab1ee5642dde5a4e
SSDEEP

3145728:U0JckZTjPNM/W2u5LeZmZCytDH2OtGlOEoPmwBcr8M6bh44x4tsidgSwiUa+NiXJ:X+Nu5EnyBBAwpPBzxaUa+MX/LVqW

Score

10^/10

Malware Config

Extracted

Family

danabot

111.0.119.0:78

110.0.0.7:768

89.0.101.0:2304

115.0.0.5:108

Attributes

embedded_hash
��\�@��
type
loader

Extracted

Family

quasar

Attributes

reconnect_delay
5000

Extracted

Family

spymax

[SPY_MAX_IP]:[SPY_MAX_PORT]

Extracted

Family

spynote

[SPY_NOTE_HOST_OK]:[SPY_NOTE_PORT_OK]

Extracted

Family

revengerat

Mutex

Targets

- Target
  
  Lime-Worm-0.5.8D\Plugin\FM.dll
- Size
  
  13KB
- MD5
  
  c788693561dc4075f4e703ed11deb273
- SHA1
  
  bcaa67def6168d1062f7dc26012dddeec3f70284
- SHA256
  
  a47bbd8f6106490590ae0f2e2b8a9452fda3abb08591e0552468f86a348df42b
- SHA512
  
  1d8a5d7251caee5e379254e15af0ee962f29474b699d170e72abef9abed11fee2d7479fefe5a4333858bee8470eb11a1024e059c56cca45b5da73e0a60d90d85
- SSDEEP
  
  384:0gUntVMF0dawavDvFcZEBYK5YnFbA4t4XohY7fuDk8+A:0gUnTMFz9KEWK5TSYLu48+A
Score

1^/10
behavioral1 behavioral2
- Target
  
  Lime-Worm-0.5.8D\Plugin\IconLib.dll
- Size
  
  59KB
- MD5
  
  45ecaf5e82da876240f9be946923406c
- SHA1
  
  0e79bfe8ecc9b0a22430d1c13c423fbf0ac2a61d
- SHA256
  
  087a0c5f789e964a2fbcb781015d3fc9d1757358bc63bb4e0b863b4dffdb6e4f
- SHA512
  
  6fd4a25051414b2d70569a82dff5522606bfc34d3eaeea54d2d924bc9c92e479c7fda178208026308a1bf9c90bee9dbcaf8716d85c2ab7f383b43b0734329bc8
- SSDEEP
  
  768:WhZeVOIr9zmWGODfqED8zOJI+IpXgJKCAyEpd+rnwTIQJAqLiA4B0FdIOFMBC3Wd:EP1m3KpOKSEp1TzCaFiPBhlg36eiikN
Score

1^/10
behavioral3 behavioral4
- Target
  
  Lime-Worm-0.5.8D\Plugin\Interop.Shell32.dll
- Size
  
  38KB
- MD5
  
  4081972671d5f13b47ec7959203fead6
- SHA1
  
  a0f1db457061a13987d633b5572a32961c533e71
- SHA256
  
  fac1a1e3ce935119df39921e814fac8f5059e2cf5d7dd93aab8bced58f8e68b6
- SHA512
  
  9433c2afb8a61d810b3c7ceccec7f922abdb0903d85650c1dd271c4364524c7b9cd294182b0bb30cd1e34f1974bf31ea6b722a3afecbfe0b86b9f8293cef291b
- SSDEEP
  
  768:dXx4tUzcSKMnrhUypq45156hkSdyO7UQmTVOxA+rzWww+HMFmx6Hj7tr+BQOMcG:dXx4tUPvt3pq451pOwQm0iKbHG
Score

1^/10
behavioral5 behavioral6
- Target
  
  Lime-Worm-0.5.8D\Plugin\PIN.dll
- Size
  
  112KB
- MD5
  
  aca4928052088f8d803b7120c324e295
- SHA1
  
  d3e14c2a916e27702cfc5cd9c00850307ab8aef0
- SHA256
  
  ec0bdc4363cf60527f83849ed10b7708d596cc8053f8647898101ef0fbfcaf84
- SHA512
  
  b85af0f8cfbca009179af5b920072b715c891f7c832cbcb3788914192b41d7db661574e0dba0eae67c630f049de1a240e919c9a16c1dbf11c7d215631764ee13
- SSDEEP
  
  3072:bjNhP1mcvSy3zkNNXx4tUPvt3pq451pOlxhGX:bqykNXGtUPvt3pq45vmxh
Score

1^/10
behavioral7 behavioral8
- Target
  
  Lime-Worm-0.5.8D\Plugin\PWD.dll
- Size
  
  24KB
- MD5
  
  3170bf386bd975b4b6e206b7afcd0713
- SHA1
  
  68512c413fef704efd6fd4f2a81812fced187694
- SHA256
  
  ea5a35f3c99441a9c6d770abd553c17fcfea429617ea6bec1859379b1a4e7fef
- SHA512
  
  7a1aeafe9eac0cc9bf47ff6700ef2c811d6bf2de9859cad8b2e3dcdf820198007ab153a8fdb4d29fa0d6a566dd680ba1b1ed4c8ca9d1a34850bbdeaec36a73f1
- SSDEEP
  
  384:KWdqUhO0icrXMsMHVcEeU0hWbJO9khCr3g1WDdJucfj7nfRAuv4YP0GS/sT088BW:R3fic6VcDWbJ12+ad1fRp+GYsJH
Score

1^/10
behavioral10 behavioral9
- Target
  
  Lime-Worm-0.5.8D\Plugin\RDP.dll
- Size
  
  17KB
- MD5
  
  efb1f9e145a734eaf91b4cdbecebf6f3
- SHA1
  
  d7caf19661d193c9abdebd125b2464fca7e09eda
- SHA256
  
  e48b167a21fbd266fd38e0fc62c11c88f689d80910d48dcf4d2f7e16848a327b
- SHA512
  
  fe9f75e436ea98ffc4eacb32d48326ae3ec80d693708c25c757d71a862bc3b8590677480277f5fa67203f7475c2b29e30ec958f003939cba1a3dc82e5c95adfd
- SSDEEP
  
  384:EgS9wb4I6dj9MCBAiYP5/mDzLc8/UaUwIHsYt:EgS9wz6B9MCBtKCaHsYt
Score

1^/10
behavioral11 behavioral12
- Target
  
  Lime-Worm-0.5.8D\Plugin\USB.dll
- Size
  
  88KB
- MD5
  
  56168b9344bb038d244200eb78510cc2
- SHA1
  
  959eb35785ef94d980eaca3fbd69949d588f577a
- SHA256
  
  2d40d34dd5b25e55e6242c8755d8439bcce3a5ed762133c70402a786b84e4298
- SHA512
  
  27b69d12698618b969943714e5de9853e1f7aa6b77d197e16fd6202ebd6a9f15df325fe17c7ced2783d5894c186fe2de6e3995a3dff97e7c28d0609ce13001a0
- SSDEEP
  
  1536:e8nRi4PmvgldWaae4KaFCZPP1m3KpOKSEp1TzCaFiPBhlg36eiikNd:eORi4Pmvgmaa/KmCFP1mcvSy3zkNd
Score

1^/10
behavioral13 behavioral14
- Target
  
  Lime-Worm-0.5.8D\Stub\Stub.exe
- Size
  
  23KB
- MD5
  
  1caf905bb41f2ad4276434e0ffc98e6d
- SHA1
  
  3c3a8365d35e4ca5afd31cbe78730878396a4dfd
- SHA256
  
  140fe71dd70d34732730dd15d685510f3f1c0e46d5d0ff19e93b6eac183ad13e
- SHA512
  
  23ada7ee3c77853915ea33f03e75e16a717179089539854d7ac25d4d757a69b18f3359530a0733f78fb0440f9be0400a0c0c6b0a3f3163cfb78c10f14fce9076
- SSDEEP
  
  384:J+phBgqtdAj8g5Q6XUb1GIcopFK47v+vcxhKNjmJj1Qro0wdH1FM:JcArzXUb9NRqVNaU01G
Score

1^/10
behavioral15 behavioral16
- Target
  
  Lime-Worm-0.5.8D\WinMM.Net.dll
- Size
  
  325KB
- MD5
  
  908b2955b450a525096551ff3b05729d
- SHA1
  
  213eba7bcd910e833df43f351ac8dba729d0743c
- SHA256
  
  37670b8b01cb1c83e63ae6323705b2ae080183fc166f45ee6d23040e2fc37980
- SHA512
  
  3b226d61779d7a5b7d6cc22ec224d75866206044e26f9252f86e017a2061a4f10a8a2e79b6708152cf66e77ec47b29a53c12bae95c192a0979966c95ff1fa0e1
- SSDEEP
  
  6144:D5BzHe8nozKCeqxyjihcbtnGxCXpZGkIzjycdjFQ2uFib:Hbe8kKCepeG0xCXfGkIzecdjFhu8b
Score

1^/10
behavioral17 behavioral18
- Target
  
  Lime-Worm-0.5.8D\database32.dll
- Size
  
  2.8MB
- MD5
  
  7028559abf0ccebf9692eb24651b4be1
- SHA1
  
  474e96eb203f4978c9c6e7568f4b7a9b20c329af
- SHA256
  
  b437592443e6c798ac25566400e1a1b4f29ef76a63bc5cd112316f5f4f34e45e
- SHA512
  
  3d0d22d68dda3fb8b27a31216c9a31387e8937645cd0bce7ca5e89f91b4f3addc6d05244cd9617acbecd26547adb563f7e40e516d398d4c741eefb295ff10f3e
- SSDEEP
  
  24576:1dTuyaUzkI/oMi5QNCRzJ4ZBoPUDmJbedDxCPEicdjFhu8bU:1dTuyaU/or+AkyNyXicdjFhuC
Score

10^/10

revengerat stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
behavioral19 behavioral20
- Target
  
  Lime-Worm-0.5.8D\libcef.lib
- Size
  
  211KB
- MD5
  
  59238144771807b1cbc407b250d6b2c3
- SHA1
  
  6c9f87cca7e857e888cb19ea45cf82d2e2d29695
- SHA256
  
  8baa5811836c0b4a64810f6a7d6e1d31d7f80350c69643dc9594f58fd0233a7b
- SHA512
  
  cf2f8b84526ae8a1445a2d8a2b9099b164f80a7b7290f68058583b0b235395d749ad0b726c4e36d5e901c18d6946fd9b0dd76c20016b65dc7a3977f68ee4a220
- SSDEEP
  
  3072:CFITGLr+kmeUE2+YA8zuxD1gb/uVVohUFVEovODl9ply5nk/7K1bjT5h3qs:CbLUEkAtvaumhUXvwl9P62
Score

1^/10
behavioral21 behavioral22
- Target
  
  Lime-Worm-0.5.8D\libexec.dll
- Size
  
  238KB
- MD5
  
  4e6a7ee0e286ab61d36c26bd38996821
- SHA1
  
  820674b4c75290f8f667764bfb474ca8c1242732
- SHA256
  
  f67daf4bf2ad0e774bbd53f243e66806397036e5fde694f3856b27bc0463c0a3
- SHA512
  
  f9d99d960afce980421e654d1d541c1fdb81252615c48eed5c4a5c962cb20123d06dbdf383a37a476aa41e4ffabca30e95a8735739c35f66efbaa1dee8a9ba8a
- SSDEEP
  
  3072:6sGTNBBPt3lBtx5ebLDCc0p00JakwEn0ZtAq0nHHdNwooe+6t3ieCx9UWPrcFw+z:ID5t3lBrGdkwFi3HHdN1Zt9CxVgeH
Score

1^/10
behavioral23 behavioral24
- Target
  
  LuminosityLink+builder\Builder\Mono.Cecil.dll
- Size
  
  305KB
- MD5
  
  851ec9d84343fbd089520d420348a902
- SHA1
  
  f8e2a80130058e4db3cf569cf4297d07d05c93e0
- SHA256
  
  cdadc26c09f869e21053ee1a0acf3b2d11df8edd599fe9c377bd4d3ce1c9cda9
- SHA512
  
  5e1d1b953fda4a905749eff8c4133a164748ba08c4854348539d335cf53c873eae7c653807a2701bf307693a049ae6c523bd1497a8e659bdea0a71085a58a5f1
- SSDEEP
  
  6144:ueMQM/aMOZabe3h1PtRjAqmYVNf3yTXcYBbt6KMBhu:uF/aMDb8BtRjA7XcYNclB
Score

1^/10
behavioral25 behavioral26
- Target
  
  LuminosityLink+builder\Builder\builder_con2trip.exe
- Size
  
  103KB
- MD5
  
  a10cd7acbdbff06d18bc5c00d40d3a07
- SHA1
  
  40548f86194adcadd13d9d96d85b33647a35f0a2
- SHA256
  
  55fec5eca1c1e2a0304088cf9eff5f85df1263d3bb178f0834de26168e4014bb
- SHA512
  
  fcbe9fd7a943de79cd367b0091c4ccba094e8e03835819e435dc1209a588df6fb98c0df5ed6f81e8135ace59736bf4c61c87dcc9b31d89ecb83afb7fea3ae206
- SSDEEP
  
  3072:/IRxwLRMcR9aBeWvfxLWDwreWJ2NJgfV4NY:omLbR9JWJWwJYJgf
Score

1^/10
behavioral27 behavioral28
- Target
  
  LuminosityLink+builder\Builder\stub.exe
- Size
  
  143KB
- MD5
  
  c6f9eaba6f901506d086367d35a2db3b
- SHA1
  
  ad5931969b5b96a4752dbe21585ece590ef99d56
- SHA256
  
  168c28d1e794eebe0e1e31dbd64f11dc1587ce766aa7d13dbcd065d86e80afd0
- SHA512
  
  80040f5f93319c3389f40f5b671f3df9fe81f9736219eedb78bfa24b64a1e4672937d4fe629f6ff2501c11c3a48f82acee6c7030d02ff6e84665249b0fd6b17c
- SSDEEP
  
  3072:p/uybjWFAN44SHX4ty3IP25Ll40TV8P0rnpiyxbF:pmA22S314WZGe
Score

1^/10
behavioral29 behavioral30
- Target
  
  LuminosityLink+builder\Builder\stub_delete_by_cmd.exe
- Size
  
  143KB
- MD5
  
  a4d9b77d169f97f76d963563b1c0ac86
- SHA1
  
  0e7b0bcd79680932e1bf7f71f06dedef25a78ae2
- SHA256
  
  7cb6b189b78c153a308a2df9a2a49f0637808600d4054349280db162fb35872c
- SHA512
  
  cc9aad0c962b4a87ea3d62d29f3ba15bcf38a0635fc1a27cb146c8cc2812215ab84d3d107f62487739d883ec5f52d03e395db3d3d52cd0fbd3c196b70e0493cf
- SSDEEP
  
  3072:C/jybjWFAN44SHX4ty3IP25Ll40TV109hpiyxbF:CLA22S314WZi9
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

RevengeRAT

RevengeRat Executable

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32