Malware Analysis Report

2024-10-10 07:36

Sample ID 240615-1dbkmavflh
Target Our_Rat
SHA256 e1f4d5b5fd4c9f608b24c04ff7a0713aafab481d66c0f993c6559502f84bb2b7
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

e1f4d5b5fd4c9f608b24c04ff7a0713aafab481d66c0f993c6559502f84bb2b7

Threat Level: No (potentially) malicious behavior was detected

The file Our_Rat was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-15 21:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 21:31

Reported

2024-06-15 21:49

Platform

win11-20240611-en

Max time kernel

452s

Max time network

454s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Our_Rat

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Our_Rat

Network

Country Destination Domain Proto
GB 2.18.66.65:443 tcp
US 8.8.8.8:53 browser.pipe.aria.microsoft.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 20.42.65.89:443 browser.pipe.aria.microsoft.com tcp
BE 88.221.83.184:443 r.bing.com tcp
BE 88.221.83.184:443 r.bing.com tcp
BE 88.221.83.184:443 r.bing.com tcp
BE 88.221.83.184:443 r.bing.com tcp
BE 88.221.83.184:443 r.bing.com tcp
BE 88.221.83.184:443 r.bing.com tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 21:31

Reported

2024-06-15 21:32

Platform

android-33-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
BE 142.251.168.188:5228 tcp
GB 142.250.179.228:443 tcp
GB 216.58.204.74:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.169.68:443 udp
GB 172.217.169.68:443 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-15 21:31

Reported

2024-06-15 21:32

Platform

macos-20240611-en

Max time kernel

13s

Max time network

16s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Our_Rat"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Our_Rat"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Our_Rat"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Our_Rat]

/bin/zsh

[/bin/zsh -c /Users/run/Our_Rat]

/Users/run/Our_Rat

[/Users/run/Our_Rat]

/bin/sh

[sh /Users/run/Our_Rat]

/bin/bash

[sh /Users/run/Our_Rat]

/usr/libexec/dmd

[/usr/libexec/dmd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

Network

Country Destination Domain Proto
US 52.182.143.213:443 tcp
US 8.8.8.8:53 h3.apis.apple.map.fastly.net udp
GB 17.250.81.65:443 tcp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 23.59.171.27:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 a479.dscg4.akamai.net udp

Files

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20