Overview

overview

8

Static

static

8

NullRAT/RAT.py

windows7-x64

3

NullRAT/RAT.py

windows10-2004-x64

3

NullRAT/mo...ass.py

windows7-x64

3

NullRAT/mo...ass.py

windows10-2004-x64

3

NullRAT/mo...ens.py

windows7-x64

3

NullRAT/mo...ens.py

windows10-2004-x64

3

NullRAT/mo...ard.py

windows7-x64

3

NullRAT/mo...ard.py

windows10-2004-x64

3

NullRAT/mo...ule.py

windows7-x64

3

NullRAT/mo...ule.py

windows10-2004-x64

3

NullRAT/mo...ory.py

windows7-x64

3

NullRAT/mo...ory.py

windows10-2004-x64

3

NullRAT/mo...ate.py

windows7-x64

3

NullRAT/mo...ate.py

windows10-2004-x64

3

NullRAT/mo...env.py

windows7-x64

3

NullRAT/mo...env.py

windows10-2004-x64

3

NullRAT/mo...ile.py

windows7-x64

3

NullRAT/mo...ile.py

windows10-2004-x64

3

NullRAT/mo...ens.py

windows7-x64

3

NullRAT/mo...ens.py

windows10-2004-x64

3

NullRAT/mo...les.py

windows7-x64

3

NullRAT/mo...les.py

windows10-2004-x64

3

NullRAT/mo...ile.py

windows7-x64

3

NullRAT/mo...ile.py

windows10-2004-x64

3

NullRAT/mo...hot.py

windows7-x64

3

NullRAT/mo...hot.py

windows10-2004-x64

3

NullRAT/mo...les.py

windows7-x64

3

NullRAT/mo...les.py

windows10-2004-x64

3

NullRAT/mo...ell.py

windows7-x64

3

NullRAT/mo...ell.py

windows10-2004-x64

3

NullRAT/mo...tup.py

windows7-x64

3

NullRAT/mo...tup.py

windows10-2004-x64

3

Analysis

  • max time kernel
    838s
  • max time network
    839s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    16/06/2024, 16:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NullRAT/RAT.py

  • Size

    7KB

  • MD5

    53b9d54a9581a7e043e8267abfeee7bf

  • SHA1

    621ee8223b64079c5aa68036d8cfc3e7fac2f6fc

  • SHA256

    a4db7a6f8861e3f554bfb9ced2912d8fe0bbaf74f08d507ee159d1775bfb7990

  • SHA512

    a91a90fe3a6c290f6a2aed0cc6e1bee7b2a46f50f8294379c5ff3889985a5a1a886e81c10a4e04235e6cea587a78c9ec3024d4d0d5dd9573cb25a7bce4229491

  • SSDEEP

    192:nOdJkyK1Irlev/Vko1VODfqifRgzTkv2+1M0hW/KPk+O9:nODlev/VNVoRgPkO+10

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\NullRAT\RAT.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\NullRAT\RAT.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\NullRAT\RAT.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    97ae1879c4870f6e68fdb1d15497a276

    SHA1

    62f0cfe8c99825254f2045f7710d114369b957c5

    SHA256

    ee060136f6676c894c15c39365410f8b5e91ef3c4ba272281696962f474c8ad7

    SHA512

    1b36b38ac5ce81514718373d7ff4fd539876fae16779d6d94d79f1b452797ad38eecd7815c99085ec924cfe5608c459dbd91d89111b21911d7952cfd9260549e

    Download Submit