888rat

General

Target

RAT COURSE $300 (LEAKED).zip
Size

269.5MB
Sample

240525-elca8sdg7x
MD5

fdaf474985ce95f81f8873a2d51da68a
SHA1

185997a7fdbc5866c0db7be2073addc9dbcac788
SHA256

7d03e336cd249751d967c9e6dcd6602e93352f44e77079775222a3eccf8c0b5e
SHA512

7ca132ca99c28ccba61c94d94aa94d92dc6b7dc1cade3abda5a2e84456490b80541cf24401bd92d56bfa436f91eef4496b4791ed234a3baf8ccdacd4cb40dbcb
SSDEEP

6291456:wEeTxKQ2fbm8/e0/F5Mbn46qF+dpZ3nF3eFaDwFd1x3JZJX08D3m32FAwm:wEeEJfbmC7/8bXqF+dx3eFdFdzJXdFY

Score

10^/10

Malware Config

Targets

- Target
  
  RAT COURSE $300 (LEAKED).zip
- Size
  
  269.5MB
- MD5
  
  fdaf474985ce95f81f8873a2d51da68a
- SHA1
  
  185997a7fdbc5866c0db7be2073addc9dbcac788
- SHA256
  
  7d03e336cd249751d967c9e6dcd6602e93352f44e77079775222a3eccf8c0b5e
- SHA512
  
  7ca132ca99c28ccba61c94d94aa94d92dc6b7dc1cade3abda5a2e84456490b80541cf24401bd92d56bfa436f91eef4496b4791ed234a3baf8ccdacd4cb40dbcb
- SSDEEP
  
  6291456:wEeTxKQ2fbm8/e0/F5Mbn46qF+dpZ3nF3eFaDwFd1x3JZJX08D3m32FAwm:wEeEJfbmC7/8bXqF+dx3eFdFdzJXdFY
Score

1^/10
behavioral1 behavioral2
- Target
  
  RAT COURSE $300 (LEAKED)/RAT TOOL FULL FEATURE.zip
- Size
  
  74.5MB
- MD5
  
  bc4b224d8e329e339d8e88af6d660234
- SHA1
  
  66a786004d14c789d8d7f065a6e76db0d4c61b2c
- SHA256
  
  26fd4d9bb941267d61479569eb5f2e79f685ac7e2757fb94a4d78c781b6cc524
- SHA512
  
  95b8b8abaf455d733dbfdbf4b2cf4c4508c35b2781e05314274f3c97f20047e51a2202892d84996d18c9e6de583619a270129d601b07032b1b0420bb2297aeab
- SSDEEP
  
  1572864:d02bZJsczjrcr/MtOvLQvF/JX9h1XauCx1ziw2FebpuuXZmRG:dJZJsEfcYtOvLQDNN8ziw2F65kRG
Score

1^/10
behavioral3 behavioral4
- Target
  
  RAT TOOL FULL FEATURE/888 Rat v1.2.6.exe
- Size
  
  75.0MB
- MD5
  
  ad33064a9ca95c5b3ed45c14b7fe2739
- SHA1
  
  0bd1286fa5fd936a31a4514798daffa444ce8e12
- SHA256
  
  5a14099abd6fe4b396094db7f9911251b25cd57893e14f97a7e7c5f44337bc98
- SHA512
  
  acb056e217edef4639179b24193a454f7e5aade51c1cc972e0458fc23c0ad982323161ad37050a4d849641dbf84719707efdcf4c99ecdf413381e5a752413647
- SSDEEP
  
  1572864:5mhnD+9mK/LnkHD1LYrXatfLllR3RboTmxXlIgU/cNruKPZiv:6nD+UozkJLYrXajR4ElIgU/c5Qv
Score

10^/10

upx 888rat infostealer rat trojan
- 888RAT
  888RAT is an Android remote administration tool.
  trojan infostealer rat 888rat
- Android 888 RAT payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Android 888 RAT payload

ACProtect 1.3x - 1.4x DLL software

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

AutoIT Executable

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6