milleniumrat | d223100bff707f45e8e2d609e64cb84c936ad09b097357dfc0d68cccfe97ed3e | Triage

Sharing

General

Target

d223100bff707f45e8e2d609e64cb84c936ad09b097357dfc0d68cccfe97ed3e
Size

289KB
Sample

240604-ldl9ssce63
MD5

ac7f96ac94ca748354e7db225aa1a5b2
SHA1

98be163399271b71337afbc716b6a313ea1941e6
SHA256

d223100bff707f45e8e2d609e64cb84c936ad09b097357dfc0d68cccfe97ed3e
SHA512

862f9d5bc0d4ba27cfa7d75b4974e4eb37d30f53de883419c3e1e7c62fb525a2964e8431b5b5c91e1d2654db5446bba60320d196b148b35480eec2ed2cc26692
SSDEEP

6144:Xm/uolvrxUXllOuQcTN5eZ2cH5d/ozSxCP27kbn8buCW+ZFU/Chpav1GUTs8quIr:W2svrwmuQ2yp5keCPtb8b1HZSCSDs8q/

Score

10^/10

milleniumrat execution persistence rat spyware stealer

Malware Config

Targets

- Target
  
  d223100bff707f45e8e2d609e64cb84c936ad09b097357dfc0d68cccfe97ed3e
- Size
  
  289KB
- MD5
  
  ac7f96ac94ca748354e7db225aa1a5b2
- SHA1
  
  98be163399271b71337afbc716b6a313ea1941e6
- SHA256
  
  d223100bff707f45e8e2d609e64cb84c936ad09b097357dfc0d68cccfe97ed3e
- SHA512
  
  862f9d5bc0d4ba27cfa7d75b4974e4eb37d30f53de883419c3e1e7c62fb525a2964e8431b5b5c91e1d2654db5446bba60320d196b148b35480eec2ed2cc26692
- SSDEEP
  
  6144:Xm/uolvrxUXllOuQcTN5eZ2cH5d/ozSxCP27kbn8buCW+ZFU/Chpav1GUTs8quIr:W2svrwmuQ2yp5keCPtb8b1HZSCSDs8q/
Score

10^/10

execution milleniumrat persistence rat spyware stealer
- MilleniumRat
  MilleniumRat is a remote access trojan written in C#.
  rat stealer milleniumrat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

milleniumratexecutionpersistenceratspywarestealer