General

  • Target

    RAT.zip

  • Size

    102.0MB

  • Sample

    240810-27vq2axekf

  • MD5

    c0de72b533e6a1cd18ab7e71e0de3839

  • SHA1

    c080a01df77b7df243ecb1d419272a3ea7e9a808

  • SHA256

    46821bc71d695cacafd7f4584b72b596f5a7a84d2751375ed9cdb6a6f45c294a

  • SHA512

    34ab71662179d067ef6cbe5b9d690ba9804e33f8d1c2d89ab502b06b6eac44290dd46191afb43f8802eec700b60b667548ba5886e484954bd0e16d4c02db3f4a

  • SSDEEP

    3145728:paPSXsmrLKm6UbFjYdx8WeiIipx2OMr/ZRHvbh:pvLKmRbFjYD88x2OM/ZRTh

Malware Config

Targets

    • Target

      RAT/Setup.lnk

    • Size

      805B

    • MD5

      96f6a3d6491a6d953459d8e809e42992

    • SHA1

      179fe22edde4d0e4486ce4c4ff6d94a146ebb7a5

    • SHA256

      4406acd9b77a484ef60e920eeb4e6d466ec6c472ccec03ef30f267a0d9423b9e

    • SHA512

      e7f7af7672d3c63db429300d68ccdc74d725c94f9e3e8fe9232c6ce8fdf496c24c9fb9094a927eb55003997610cf4dc4ddf523f6c74b0a08e1e98f9ff5808e0b

    • Score

      3/10

    • Target

      RAT/src/Service Hosting.exe

    • Size

      52.5MB

    • MD5

      4f3b3b9c9df88c7b728792229f985aa8

    • SHA1

      c14f01ee1f0be63b4fc6acc2d84bd544a1a42fd9

    • SHA256

      d9d94abd58af6217f0f4134ce3073cadb795bd1802d4e21f3913f74c821e867e

    • SHA512

      34d7b6d188e42a7d0031b272f0613f522bc435c1e28a55d680aed23bb7b07190e01b99c8974d9b940081d410d78dbe61dd354650269e6a68b86f69181ed8218c

    • SSDEEP

      1572864:2iJp1QJWLMAhRnOPrONJ0Vl4uQE7ztAWmibm1:2OESMAhBOycVlhDAac

    • Score

      7/10

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      RAT/src/main.exe

    • Size

      50.1MB

    • MD5

      ef8fb8b70daf98c85bbb522cdfe697f0

    • SHA1

      c2261888fd08d904f69bfa8dec7e8e1c0a54e0fb

    • SHA256

      9426330fee5fc286ef36ba2de95fe4615fa296eebc9eea14989cfa35e3b7640f

    • SHA512

      ec248aee2c0a17cb7a2b2a28e44185d8a1109c83568e406e87cceeb33258a99717ed4df2640b2724cb1c595de1615c40d7d7e0300532d251a745dd447960fd7a

    • SSDEEP

      1572864:GiJp1QJWqMAhRnOPrONJ0Vl4uWE7ztAWPiF2T:GOEfMAhBOycVlhpAZ2

    • Score

      7/10

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks