vanillarat | ebad81bd8eae1bc4c3478847369dacadd968f0091c24d875a7428b91c9634f46

Analysis

max time kernel
106s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16-07-2024 08:58

Target

984802aef7e8a7d9abc4249419be7de0N.exe
Size

279KB
MD5

984802aef7e8a7d9abc4249419be7de0
SHA1

5014c804ae4c2058cf1e268064c23ed952d2a1d4
SHA256

ebad81bd8eae1bc4c3478847369dacadd968f0091c24d875a7428b91c9634f46
SHA512

51bdcf089020e5d6475372d734eb84328f7f13df4e8029281ed9d73474924fe103027195749a9f445029a970d78cecf39873326b3688653ef72317a6fd8ab79f
SSDEEP

3072:OgZApdYrD28fbJB2yLtyTUbjjxK3QdjrxivW+DXnH4vymbi1Mda+A:O/pe1J0UbXtrxivW+D34v4Mda+

Score

10^/10

vanillarat rat

VanillaRat
VanillaRat is an advanced remote administration tool coded in C#.
rat vanillarat

Vanilla Rat payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral2/memory/1420-1-0x0000000000DA0000-0x0000000000DEA000-memory.dmp	vanillarat

C:\Users\Admin\AppData\Local\Temp\984802aef7e8a7d9abc4249419be7de0N.exe
"C:\Users\Admin\AppData\Local\Temp\984802aef7e8a7d9abc4249419be7de0N.exe"
1⤵
PID:1420

memory/1420-0-0x000000007500E000-0x000000007500F000-memory.dmp

Filesize
4KB

Download
memory/1420-1-0x0000000000DA0000-0x0000000000DEA000-memory.dmp

Filesize
296KB

Download
memory/1420-2-0x0000000005E40000-0x00000000063E4000-memory.dmp

Filesize
5.6MB

Download
memory/1420-3-0x00000000057D0000-0x0000000005862000-memory.dmp

Filesize
584KB

Download
memory/1420-4-0x0000000075000000-0x00000000757B0000-memory.dmp

Filesize
7.7MB

Download
memory/1420-5-0x00000000059A0000-0x00000000059AA000-memory.dmp

Filesize
40KB

Download
memory/1420-6-0x000000007500E000-0x000000007500F000-memory.dmp

Filesize
4KB

Download
memory/1420-7-0x0000000075000000-0x00000000757B0000-memory.dmp

Filesize
7.7MB

Download