Overview

overview

10

Static

static

10

VanillaRat.exe

windows10-2004-x64

10

VanillaStub.exe

windows10-2004-x64

10

Resubmissions

13-08-2024 13:12

240813-qfnymazelq 10

13-08-2024 13:11

240813-qe4bxszejl 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Release.zip

  • Size

    982KB

  • Sample

    240813-qfnymazelq

  • MD5

    a4859bf05e31b3b29dd1da902c2ce6fe

  • SHA1

    22b5baa098f85b9dcd944162888dd05a338d130b

  • SHA256

    b10ec240860d0609b586f9ef4c2488651110e760872c5e5883c9d310c536e80f

  • SHA512

    490b873e3b9e4e766f9202d2e73ffb08e50e207e0efa9ba5c02625e34abfe8001fa866d46bd4a1e1bcc93e0fd62cd45106701aa6053a97553ecfd27543b65b22

  • SSDEEP

    24576:CJuc7Y9w2LJy3Ggn1Qn5F+t7tRrQf8VRAl:CJuc0zIZun5Fk70fr

Score
10/10
vanillaratdiscoveryrat

Malware Config

Targets

    • Target

      VanillaRat.exe

    • Size

      982KB

    • MD5

      ce012d13bf11b47e0b8d1cf2d2ba9846

    • SHA1

      4a554c01352281134eb95ac8f7534468e250c50a

    • SHA256

      0fe257c142a900fe69dd5ff1ebd56a9c073c977442173d823f90981b77e3c210

    • SHA512

      b9a931458c2562b414fd4b90b859ebf2d8c09f9fee6214d3523b3fe57e640c7c2316dd604eb0b307739ef90c265789913f7f6b6da3cc9b086d995bb0efadb799

    • SSDEEP

      12288:+rzh887PPRqUy3G9nc6NghhkuqmzMarPPXj9RAyJ07lPFgoZ7+B:T87PPEUy3G9nLCnkQzM2UtzZa

    Score
    10/10
    vanillaratdiscoveryrat

    • VanillaRat

      VanillaRat is an advanced remote administration tool coded in C#.

      ratvanillarat

    • Vanilla Rat payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1

    • Target

      VanillaStub.exe

    • Size

      114KB

    • MD5

      185526401b0a3a083c797cac3598051a

    • SHA1

      a3a4c4fd2b7f07843e0ac8eeb62b2c8871421b4f

    • SHA256

      caba6c8f198ca5ec08ece1687210e756b860c90ecc32b49ef38a1a7d14524abe

    • SHA512

      ea4f5e217be971950a05bd096dd526f40958ed2b92cbc62a21a83d258b665f35b13b32809b9cf4751887c743e1f58aaebecfab5c3b6ac1ed8e5bd968187adf3f

    • SSDEEP

      3072:xgFtDHh9m0xajuYXPiKo3s+DXgHKv8mbIXC0LtyTy:aFRh9mEaKHS+DeKvYSE0

    Score
    10/10
    vanillaratdiscoveryrat

    • VanillaRat

      VanillaRat is an advanced remote administration tool coded in C#.

      ratvanillarat

    • Vanilla Rat payload

      rat
    behavioral2

MITRE ATT&CK Enterprise v15

Tasks