General
-
Target
888RAT-1.1.1-cracked-PentestCore.exe
-
Size
38.4MB
-
Sample
240620-g1bdlaxfqr
-
MD5
554cd80e1b5fc6c7d296b23e4b400664
-
SHA1
550d2da6068683ae545c3ca8910ec37671764fad
-
SHA256
1b6148c640e0d63bfd74b9df003b3214dacf2aa678a7fce1075c25cf033e0e5c
-
SHA512
7b3dd3ea1e85dbc66d299ff31891127a5fe8995ac7cc0741896a0593c439677f3734f0b5f925353fe5b1773f24344b1f8c274d4c7eab158566444fd110a4714c
-
SSDEEP
786432:x/gwpv29voFFcTLKy1kwql+9l2+OZuhQZUmvhSawvb+GlfR/s:qq2aFWTLK8x9kxZbd4awj+GR/s
Static task
static1
Behavioral task
behavioral1
Sample
888RAT-1.1.1-cracked-PentestCore.exe
Resource
win10v2004-20240611-fr
Malware Config
Targets
-
-
Target
888RAT-1.1.1-cracked-PentestCore.exe
-
Size
38.4MB
-
MD5
554cd80e1b5fc6c7d296b23e4b400664
-
SHA1
550d2da6068683ae545c3ca8910ec37671764fad
-
SHA256
1b6148c640e0d63bfd74b9df003b3214dacf2aa678a7fce1075c25cf033e0e5c
-
SHA512
7b3dd3ea1e85dbc66d299ff31891127a5fe8995ac7cc0741896a0593c439677f3734f0b5f925353fe5b1773f24344b1f8c274d4c7eab158566444fd110a4714c
-
SSDEEP
786432:x/gwpv29voFFcTLKy1kwql+9l2+OZuhQZUmvhSawvb+GlfR/s:qq2aFWTLK8x9kxZbd4awj+GR/s
Score10/10-
Android 888 RAT payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-