General

  • Target

    home.selection.tar

  • Size

    2.3MB

  • Sample

    240616-c4lxaawdpg

  • MD5

    4013edef16732f7dd167e3104b559680

  • SHA1

    f899b374e0516ba6d93f9120ee6362f7cb97a294

  • SHA256

    331a562953f7da86fb6fc344a1c27c49051105177f8ff8661058d801d8f12802

  • SHA512

    e55592351ef8588cc3f62e706012812d4e11f5db3f52efa045c82966522b0511fa588173396e164aa3ce48519dbb51e95790f3fff443904a2751458ea84cbdb5

  • SSDEEP

    49152:2XkIF4qX74X0XrtpUePzKtA+F3l7BPAeYKHdj/PAHD1QCizINk/Sap19Wt3i:F874X0JpUePzV+xl79AeYKHdj/PGDAIC

Malware Config

Targets

    • Target

      1.exe

    • Size

      48KB

    • MD5

      7f0bf23db6496335d9adf01fb50ec091

    • SHA1

      92ba1a47b40306bf5e4027506c7683ab3577fb73

    • SHA256

      1f2e39728d627019c482b270eabb614d39100ed910797c6884fc405ae6514412

    • SHA512

      f62a8b136cec137784692547bb7259e36592dd474c16914683f872ab30f482d8acf6a2064c996515c1c99b3337c15b4d0c85fe971cd599c8e9aa54b5822f40df

    • SSDEEP

      768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67ThPC:Ub1MsHz3JDwhyWr+N95OTga6I

    Score
    8/10
    • Sets DLL path for service in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a Windows Service

    • Drops file in System32 directory

    • Target

      360setr.exe

    • Size

      48KB

    • MD5

      483fe860119307c2f9e2f7ed4caadc81

    • SHA1

      b5fa21f06419e585cb9faa7227f1931a8521ca5f

    • SHA256

      acee72d648216217f6208a6d648767f06252a72aa3a8f4bf88de049eecb27c23

    • SHA512

      4590310719d9a253e71dcb46775029d1213c87f21d6d002ec78584cc5eece9fdf169af174ae287a9328c81c1699927b552fdb1b4b8d1b59f706511ae48b142c7

    • SSDEEP

      768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67dhPC:Ub1MsHz3JDwhyWr+N95OTga6u

    Score
    8/10
    • Sets DLL path for service in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a Windows Service

    • Drops file in System32 directory

    • Target

      8989.exe

    • Size

      48KB

    • MD5

      7d8056785948284e8f6b89004886c936

    • SHA1

      fb954f84b2c0afffb5e788b04029563685054dee

    • SHA256

      f59d23fcb44d07bd1cfc3852bc17b60cc4c35a21a66125953d6f5f697131a521

    • SHA512

      dc11f4669102af7fa6f5b44ead415e12317d65d2847f806a1ffc92a3b5a626a0c74d2c49592b7259f56a0299748a8599e5ab6983b7dec335a04106d44312aa06

    • SSDEEP

      768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67ChPC:Ub1MsHz3JDwhyWr+N95OTga6R

    • RunningRat

      RunningRat is a remote access trojan first seen in 2018.

    • Sets DLL path for service in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a Windows Service

    • Drops file in System32 directory

    • Target

      988.exe

    • Size

      2.1MB

    • MD5

      8eadcc4d69631ce1252201d164bff08c

    • SHA1

      364278c807838bf3d75001c72bffa9b00bb42dd6

    • SHA256

      54334afc530f334754ec13761319c8ef536fc644fcd33e5c405ba4aedb8fd90b

    • SHA512

      97fa9dfd9444f711a31c6d017d00151664c8e1e7bc6cc157d55bb59ae13e0d453d1475b82ce6b577b7b3ad448df989550f7594283f016877cda0c8324fd84b6a

    • SSDEEP

      49152:TF4qX74X0XrtpUePzKtA+F3l7BPAeYKHdj/PAHD1QCizINk/Sap19W:a874X0JpUePzV+xl79AeYKHdj/PGDAIC

    Score
    7/10
    • Executes dropped EXE

    • Drops file in System32 directory

    • Target

      999999.exe

    • Size

      48KB

    • MD5

      2b6bdd0a18e76a5df3a867a49f951125

    • SHA1

      f0286405e8c8efb11ad4d30b29f32268ea747c09

    • SHA256

      b6e1c130d2b9f81e9457197727bb12e29093f29bf80408c2351bbad8cf821d4f

    • SHA512

      ef06c218ad5daf8437fda94c991a4ba86e3bdfd7ef55b64d8fdbe4657bb7acf512c42e7158cce17943a3aa437f96d294dae6eeb908d1f8acacdc4ddb25f27915

    • SSDEEP

      768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67ahPC:Ub1MsHz3JDwhyWr+N95OTga6Z

    • RunningRat

      RunningRat is a remote access trojan first seen in 2018.

    • Sets DLL path for service in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a Windows Service

    • Drops file in System32 directory

    • Target

      server.exe

    • Size

      48KB

    • MD5

      eff3e0fad856f7bed3f7ef76e355b75e

    • SHA1

      ac9fc470156acc577e6b5e889b6d28bb12e39db8

    • SHA256

      0498fe1b3c0866a85b0b9c653800877da139973d6b60646f99f00e014bbb71e7

    • SHA512

      458ac1d27e70a2fbee1e5c8abb3d1b1fb0c093f57e06d3401a0e45bbc32d619afccbc21ca2d70a694eb173e17f1a46b7a59fdcdfa933618d4f4701e0909bf7b4

    • SSDEEP

      768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67ChPC:Ub1MsHz3JDwhyWr+N95OTga6p

    Score
    8/10
    • Sets DLL path for service in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a Windows Service

    • Drops file in System32 directory

    • Target

      防劫持1.0.exe

    • Size

      48KB

    • MD5

      7f0bf23db6496335d9adf01fb50ec091

    • SHA1

      92ba1a47b40306bf5e4027506c7683ab3577fb73

    • SHA256

      1f2e39728d627019c482b270eabb614d39100ed910797c6884fc405ae6514412

    • SHA512

      f62a8b136cec137784692547bb7259e36592dd474c16914683f872ab30f482d8acf6a2064c996515c1c99b3337c15b4d0c85fe971cd599c8e9aa54b5822f40df

    • SSDEEP

      768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67ThPC:Ub1MsHz3JDwhyWr+N95OTga6I

    Score
    8/10
    • Sets DLL path for service in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a Windows Service

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

runningrat
Score
10/10

behavioral1

persistence
Score
8/10

behavioral2

persistence
Score
8/10

behavioral3

persistence
Score
8/10

behavioral4

persistence
Score
8/10

behavioral5

persistence
Score
8/10

behavioral6

persistence
Score
8/10

behavioral7

persistence
Score
8/10

behavioral8

persistence
Score
8/10

behavioral9

runningrat, persistence, rat
Score
10/10

behavioral10

runningrat, persistence, rat
Score
10/10

behavioral11

runningrat, persistence, rat
Score
10/10

behavioral12

runningrat, persistence, rat
Score
10/10

behavioral13

Score
7/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

runningrat, persistence, rat
Score
10/10

behavioral18

runningrat, persistence, rat
Score
10/10

behavioral19

runningrat, persistence, rat
Score
10/10

behavioral20

runningrat, persistence, rat
Score
10/10

behavioral21

persistence
Score
8/10

behavioral22

persistence
Score
8/10

behavioral23

persistence
Score
8/10

behavioral24

persistence
Score
8/10

behavioral25

persistence
Score
8/10

behavioral26

persistence
Score
8/10

behavioral27

persistence
Score
8/10

behavioral28

persistence
Score
8/10