General

  • Target

    RatClient.exe

  • Size

    76.7MB

  • Sample

    240524-ycdmgsha66

  • MD5

    2f5b9df0e99a9e794b1b9636bfcebaf6

  • SHA1

    d3fbe7a189fd68a91d53dc5fa2d7ddaea1f8b3e1

  • SHA256

    e8a023196703876cf6c7dd4935801f65b80ae31cbbc2e88f6fc3827aa897ace7

  • SHA512

    9df29e952ee74260d2147d49690cc4015737e593bf8bc5a953a0e01ba18a737aa46cefaa9cfc41cd622b11eaba2c0d662ef5c34ed16fd6d981037411d2817fbe

  • SSDEEP

    1572864:fQLwaXnFP/V4f6Gj53ikjt4jRq2GqFOPV5GiIG2qHWB75iVZGzcW7vqaCXA:ftGt/VG6RmtCRlGPrcG2qHO5iVZecyVP

Score
7/10

Targets

    • Target

      RatClient.exe

    • Size

      76.7MB

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      RatClient.pyc

    • Size

      112KB

    • MD5

      28830cdcdda63a8228bfb7ae7ed8429e

    • SHA1

      d2f1f9a46ecbfa1e7ddd6d25958bcb0c2ea95928

    • SHA256

      b63a6186ca89b9dbd73a59d6e0673c1259060d078127722e421b2e7301c47e7e

    • SHA512

      4e25059376b1355c013a4c6ceefc192e13a1134ef624bb782b6fe67decf5c307da3587a7870ce93ad7fa2a75acc91bd2c1f9c701b1841c37677c2335bf0c170a

    • SSDEEP

      1536:DjNv0C054F+vt5pMYgxwG7SToG5ygRWVf8KMLU:DjNcCu4Mvt56ZJ7OygwVf8Kb

    Score
    3/10
