Extracted

Extracted

• • Target

    888 Rat v1.2.6/888 Rat v1.2.6/888 Rat v1.2.6.exe

  • Size

    75.5MB

  • MD5

    7b698ac4d64d1ee750e4c413467d5bc2

  • SHA1

    04bc13c495da113feea6be33706614da8a45058c

  • SHA256

    de45c788a3c029874036f20f97a8a7c30d1ae6028c14896eb33a45c05b7fb9bb

  • SHA512

    db9ae78b42406eb6fc1ac0c3c7738ae22a48b2ace9931ee4ac80e5d95d3ecff6d8cd52a5d4601f3361b8c96d4a97a61ad30b2696dffc38a9e77132e3f1e35a32

  • SSDEEP

    1572864:fmhnD+9mK/LnkHD1LYrXatfLllR3RboTmxXlIgU/cNruKPZiv:YnD+UozkJLYrXajR4ElIgU/c5Qv

  Score

  10^/10

  888ratquasarvenomratoffice04evasioninfostealerratrootkitspywarestealertrojanupx

  • 888RAT

    888RAT is an Android remote administration tool.

    trojaninfostealerrat888rat

  • Android 888 RAT payload

  • Contains code to disable Windows Defender

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar payload

  • VenomRAT

    VenomRAT is a modified version of QuasarRAT with some added features, such as rootkit and stealer capabilites.

    ratrootkitstealervenomrat

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  behavioral1