General
-
Target
888Rat.zip
-
Size
92.6MB
-
Sample
240713-k14lxsvclr
-
MD5
3a32f6272a10e51f9e9ca370bd0739fe
-
SHA1
694794b3952f8da13b9e6bb8cfe0bc1dc55b6327
-
SHA256
39915dc17d2bc1f53bdac0fc26373b05628734d2dacf3041669d2e6e68222064
-
SHA512
bf8a884701c67b5eb17a88aaf4907d4f4cced8af30fe6a8cc906cd91542a19906c4f98aa29568407e24deb333536fd5bcb2e2fd368e22080d2217f9ff777bb36
-
SSDEEP
1572864:CGlu4mDMQuIR3O68liHx8LOac30Mcsu4uELQv2DSyT5BeMX6q9h06dRI3ejL01/U:B44rPgiiHx90B4uHCS45BDX6KpdMeP0K
Malware Config
Targets
-
-
Target
888Rat.zip
-
Size
92.6MB
-
MD5
3a32f6272a10e51f9e9ca370bd0739fe
-
SHA1
694794b3952f8da13b9e6bb8cfe0bc1dc55b6327
-
SHA256
39915dc17d2bc1f53bdac0fc26373b05628734d2dacf3041669d2e6e68222064
-
SHA512
bf8a884701c67b5eb17a88aaf4907d4f4cced8af30fe6a8cc906cd91542a19906c4f98aa29568407e24deb333536fd5bcb2e2fd368e22080d2217f9ff777bb36
-
SSDEEP
1572864:CGlu4mDMQuIR3O68liHx8LOac30Mcsu4uELQv2DSyT5BeMX6q9h06dRI3ejL01/U:B44rPgiiHx90B4uHCS45BDX6KpdMeP0K
Score10/10-
888RAT
888RAT is an Android remote administration tool.
-
Android 888 RAT payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-