General

  • Target

    RAT COURSE $300 (LEAKED).zip

  • Size

    269.5MB

  • Sample

    240525-elca8sdg7x

  • MD5

    fdaf474985ce95f81f8873a2d51da68a

  • SHA1

    185997a7fdbc5866c0db7be2073addc9dbcac788

  • SHA256

    7d03e336cd249751d967c9e6dcd6602e93352f44e77079775222a3eccf8c0b5e

  • SHA512

    7ca132ca99c28ccba61c94d94aa94d92dc6b7dc1cade3abda5a2e84456490b80541cf24401bd92d56bfa436f91eef4496b4791ed234a3baf8ccdacd4cb40dbcb

  • SSDEEP

    6291456:wEeTxKQ2fbm8/e0/F5Mbn46qF+dpZ3nF3eFaDwFd1x3JZJX08D3m32FAwm:wEeEJfbmC7/8bXqF+dx3eFdFdzJXdFY

Malware Config

Targets

    • Target

      RAT COURSE $300 (LEAKED).zip

    • Size

      269.5MB

    • MD5

      fdaf474985ce95f81f8873a2d51da68a

    • SHA1

      185997a7fdbc5866c0db7be2073addc9dbcac788

    • SHA256

      7d03e336cd249751d967c9e6dcd6602e93352f44e77079775222a3eccf8c0b5e

    • SHA512

      7ca132ca99c28ccba61c94d94aa94d92dc6b7dc1cade3abda5a2e84456490b80541cf24401bd92d56bfa436f91eef4496b4791ed234a3baf8ccdacd4cb40dbcb

    • SSDEEP

      6291456:wEeTxKQ2fbm8/e0/F5Mbn46qF+dpZ3nF3eFaDwFd1x3JZJX08D3m32FAwm:wEeEJfbmC7/8bXqF+dx3eFdFdzJXdFY

    • Score

      1/10
    • Target

      RAT COURSE $300 (LEAKED)/RAT TOOL FULL FEATURE.zip

    • Size

      74.5MB

    • MD5

      bc4b224d8e329e339d8e88af6d660234

    • SHA1

      66a786004d14c789d8d7f065a6e76db0d4c61b2c

    • SHA256

      26fd4d9bb941267d61479569eb5f2e79f685ac7e2757fb94a4d78c781b6cc524

    • SHA512

      95b8b8abaf455d733dbfdbf4b2cf4c4508c35b2781e05314274f3c97f20047e51a2202892d84996d18c9e6de583619a270129d601b07032b1b0420bb2297aeab

    • SSDEEP

      1572864:d02bZJsczjrcr/MtOvLQvF/JX9h1XauCx1ziw2FebpuuXZmRG:dJZJsEfcYtOvLQDNN8ziw2F65kRG

    • Score

      1/10
    • Target

      RAT TOOL FULL FEATURE/888 Rat v1.2.6.exe

    • Size

      75.0MB

    • MD5

      ad33064a9ca95c5b3ed45c14b7fe2739

    • SHA1

      0bd1286fa5fd936a31a4514798daffa444ce8e12

    • SHA256

      5a14099abd6fe4b396094db7f9911251b25cd57893e14f97a7e7c5f44337bc98

    • SHA512

      acb056e217edef4639179b24193a454f7e5aade51c1cc972e0458fc23c0ad982323161ad37050a4d849641dbf84719707efdcf4c99ecdf413381e5a752413647

    • SSDEEP

      1572864:5mhnD+9mK/LnkHD1LYrXatfLllR3RboTmxXlIgU/cNruKPZiv:6nD+UozkJLYrXajR4ElIgU/c5Qv

    • 888RAT

      888RAT is an Android remote administration tool.

    • Android 888 RAT payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect software protector.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (1)

    T1012

  • System Information Discovery (2)

    T1082

Tasks