General
Target: App6.exe
Size: 20.9MB
Sample: 240618-xdvrqaydkm
MD5: 4d8c25236bbf32d9470f3ab7316e1652
SHA1: 0662ccfb31aa070718a84ab0e591851c72ec1c27
SHA256: be4b7ce185c2ae9640894b97e30b3faa9d99794560638fcbd04935b5f74d6e4d
SHA512: 9174858839fbde8788d5423097c0147e469e107cb96ebbc22033e2a753e3b9b6c8ad3fda9512a4f8157025b1702e486cdf0c67d70bc974543b9aae6ef561e823
SSDEEP: 393216:CEkZQtss27DNL01+l+uq+VvbW+eGQRg93iObIhRS/PcLzrq+6oAd8XTN:ChQtsBB01+l+uqgvbW+e5R49MhR+c/em
Behavioral tasks
- behavioral1: Sample App6.exe, Resource win10-20240404-it
- behavioral2: Sample NiceRAT.pyc, Resource win10-20240404-it
Malware Config
Targets
Target: App6.exe
Size: 20.9MB
MD5: 4d8c25236bbf32d9470f3ab7316e1652
SHA1: 0662ccfb31aa070718a84ab0e591851c72ec1c27
SHA256: be4b7ce185c2ae9640894b97e30b3faa9d99794560638fcbd04935b5f74d6e4d
SHA512: 9174858839fbde8788d5423097c0147e469e107cb96ebbc22033e2a753e3b9b6c8ad3fda9512a4f8157025b1702e486cdf0c67d70bc974543b9aae6ef561e823
SSDEEP: 393216:CEkZQtss27DNL01+l+uq+VvbW+eGQRg93iObIhRS/PcLzrq+6oAd8XTN:ChQtsBB01+l+uqgvbW+e5R49MhR+c/em
Signatures:
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Target: NiceRAT.pyc
Size: 74KB
MD5: 05f2838338b63bf11a142848acb66731
SHA1: 5a938ffcef3b3b4abc79c25a4ec59d197e8bf4a7
SHA256: 4bd9a94d4fb9d0f880b0f74fa0bb376b696d6283e174776346d3a7d5c2f58bd1
SHA512: 7660d0d9d4248c29c3c1c7b353986dfb7e8194507b10904436cf9adab5109a0ae07ba5721d43c3c3775d633f08eff8013cdd3ee6f4346279bfba65e51545b45e
SSDEEP: 1536:Jkx+peIUJlJ/x2IsVCR28r78sgo6wtkzrTSR/em:JkiW2IsVP8ssgonkzrTSRd
Score: 3/10