Analysis Overview
SHA256
e1f4d5b5fd4c9f608b24c04ff7a0713aafab481d66c0f993c6559502f84bb2b7
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file Our_Rat: no (potentially) malicious behavior was detected. This means no signature fired in any of the three detonations below; it is not proof that the sample is benign, so the process and network sections should still be read for sample-originated activity.
Malicious Activity Summary
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported: 2024-06-15 21:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-15 21:31
Reported: 2024-06-15 21:49
Platform: win11-20240611-en
Max time kernel: 452s
Max time network: 454s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Our_Rat
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 2.18.66.65:443 | | tcp |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 20.42.65.89:443 | browser.pipe.aria.microsoft.com | tcp |
| BE | 88.221.83.184:443 | r.bing.com | tcp |
| BE | 88.221.83.184:443 | r.bing.com | tcp |
| BE | 88.221.83.184:443 | r.bing.com | tcp |
| BE | 88.221.83.184:443 | r.bing.com | tcp |
| BE | 88.221.83.184:443 | r.bing.com | tcp |
| BE | 88.221.83.184:443 | r.bing.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-15 21:31
Reported: 2024-06-15 21:32
Platform: android-33-x64-arm64-20240611.1-en
Max time network: 6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| BE | 142.251.168.188:5228 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.204.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.68:443 | | udp |
| GB | 172.217.169.68:443 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted: 2024-06-15 21:31
Reported: 2024-06-15 21:32
Platform: macos-20240611-en
Max time kernel: 13s
Max time network: 16s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Our_Rat"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Our_Rat"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Our_Rat]
/bin/zsh
[/bin/zsh -c /Users/run/Our_Rat]
/Users/run/Our_Rat
[/Users/run/Our_Rat]
/bin/sh
[sh /Users/run/Our_Rat]
/bin/bash
[sh /Users/run/Our_Rat]
/usr/libexec/dmd
[/usr/libexec/dmd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 52.182.143.213:443 | | tcp |
| US | 8.8.8.8:53 | h3.apis.apple.map.fastly.net | udp |
| GB | 17.250.81.65:443 | | tcp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 23.59.171.27:443 | | tcp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a479.dscg4.akamai.net | udp |
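The three Network tables above mix traffic the sample may have caused with traffic a clean Windows 11, Android or macOS image generates by itself (telemetry, CDN and push connections). The following triage helper is an added example and not part of this report or of the sandbox that produced it. The rows are copied from the three tables (the six identical r.bing.com rows are collapsed to one), the background-domain suffix list is an assumption that you should tune for your own images, and destinations with no DNS name are deliberately left for manual attribution rather than guessed at:

```python
"""Split sandbox network rows into OS/vendor background traffic and a residual
list that still needs a human look before a 'no malicious behavior' verdict
is accepted. Added example; the allowlist below is an assumption."""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# Rows copied from the report's Network tables: (Country, Destination, Domain, Proto).
# An empty Domain means the sandbox recorded no DNS name for that destination.
NETWORK_ROWS = {
    "behavioral1 (win11)": [
        ("GB", "2.18.66.65:443", "", "tcp"),
        ("US", "8.8.8.8:53", "browser.pipe.aria.microsoft.com", "udp"),
        ("US", "8.8.8.8:53", "8.8.8.8.in-addr.arpa", "udp"),
        ("US", "20.42.65.89:443", "browser.pipe.aria.microsoft.com", "tcp"),
        ("BE", "88.221.83.184:443", "r.bing.com", "tcp"),  # six identical rows in the report
    ],
    "behavioral2 (android)": [
        ("BE", "142.251.168.188:5228", "", "tcp"),
        ("GB", "142.250.179.228:443", "", "tcp"),
        ("GB", "216.58.204.74:443", "", "tcp"),
        ("N/A", "224.0.0.251:5353", "", "udp"),
        ("GB", "172.217.169.68:443", "", "udp"),
        ("GB", "172.217.169.68:443", "", "tcp"),
    ],
    "behavioral3 (macos)": [
        ("US", "52.182.143.213:443", "", "tcp"),
        ("US", "8.8.8.8:53", "h3.apis.apple.map.fastly.net", "udp"),
        ("GB", "17.250.81.65:443", "", "tcp"),
        ("US", "8.8.8.8:53", "a1366.dscapi6.akamai.net", "udp"),
        ("GB", "23.59.171.27:443", "", "tcp"),
        ("US", "8.8.8.8:53", "e4686.dsce9.akamaiedge.net", "udp"),
        ("US", "8.8.8.8:53", "a479.dscg4.akamai.net", "udp"),
    ],
}

# ASSUMPTION: domain suffixes a clean image contacts on its own (telemetry, CDN,
# reverse-DNS lookups). Not part of the report; adjust for your sandbox images.
BACKGROUND_SUFFIXES = (
    ".microsoft.com", ".bing.com", ".akamai.net", ".akamaiedge.net",
    ".apple.map.fastly.net", ".in-addr.arpa",
)


@dataclass(frozen=True)
class Finding:
    analysis: str
    destination: str
    domain: str
    proto: str
    reason: str


def is_background_domain(domain: str) -> bool:
    """True if the name falls under one of the assumed background suffixes."""
    return any(domain.endswith(suffix) for suffix in BACKGROUND_SUFFIXES)


def classify(analysis: str, row) -> Optional[Finding]:
    """Return a Finding for rows that need review, None for background noise."""
    _country, dest, domain, proto = row
    host, _, _port = dest.rpartition(":")
    addr = ip_address(host)
    if addr.is_multicast or addr.is_link_local:
        return None  # e.g. 224.0.0.251:5353 is mDNS on the local segment
    if domain and is_background_domain(domain):
        return None
    if domain:
        return Finding(analysis, dest, domain, proto, "domain not on background allowlist")
    return Finding(analysis, dest, domain, proto, "no DNS name recorded; attribute the IP manually")


def residual(rows_by_analysis) -> list:
    """Deduplicated list of rows, across all detonations, that still need a human look."""
    out, seen = [], set()
    for analysis, rows in rows_by_analysis.items():
        for row in rows:
            finding = classify(analysis, row)
            if finding is not None and finding not in seen:
                seen.add(finding)
                out.append(finding)
    return out


if __name__ == "__main__":
    for f in residual(NETWORK_ROWS):
        print(f"{f.analysis:24} {f.destination:22} {f.proto:4} {f.reason}")
```

Run as-is it leaves nine rows to attribute by hand, all of them bare IP:port pairs with no recorded DNS name; every named destination in the report matches the assumed background list. Whether those nine belong to the platform vendors or to the sample is exactly the question the report's empty Signatures sections do not answer, which is why the helper refuses to guess.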
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |