milleniumrat

Sharing

General

Target

Prometheus.zip
Size

28.0MB
Sample

240815-p5r6xasdkg
MD5

dde91eb2d07365ae86c406f44e98adbb
SHA1

dcb635c38d67a976d93e3ca2a7c5bfd4bc459e41
SHA256

cab5b50e25d5e7a038c4d0b5b5dc229a75db8e00d08a8549c9b42be89fe2b1c4
SHA512

c62d50889a0d170ba905af2a6e3c3856b671fddf99750987ff6bc9eea3cfac068b2c4451fdfdf9311ffe362301563a71865aec057583ddee084a3eab45996297
SSDEEP

393216:nrl6Ft6T6EdJVb5tSzOW9LVJLVseNPEivI8f2yIM+D4Y8sJtXAzJosb7umZ:UFtE6W5tkO4DWemsI8fp84YPns3

Score

10^/10

Malware Config

Targets

- Target
  
  Builder.bat
- Size
  
  1KB
- MD5
  
  69f3538d09da509b93329b22fd59a956
- SHA1
  
  d74ccc96102895e111712beedabcdc725fb23360
- SHA256
  
  79e1377ac17e6aece067d4cf6a202d8baf43a9906cea353de7188c43b20500c8
- SHA512
  
  a5e2fdeb2d185acda43e6a0d964966fc5246d2fe598d094e0b59bd757c42170d3e4125cf7da736080a95141b453d12a53af295eb53bd64e431285e8213da9b07
Score

1^/10
behavioral1
- Target
  
  Components/BlankOBF.py
- Size
  
  5KB
- MD5
  
  7a8c07085db6d780537154ba26a42a5e
- SHA1
  
  0bb6856624884bf154be7cc8df52d3214dea7d9f
- SHA256
  
  ca8445cd8593ff89d2a406e43fa114f612fe10835d80cb43b4341c390f8b5eb0
- SHA512
  
  16d91226b929128c447ee04c00e9eede44e6a5daf9691a9d45ff645da053748594734268ae45a4521f0329bf8116ed16c149a9edfaf74d923e64ffec5271c706
- SSDEEP
  
  96:Gr54cd62hK9FFZ48PuCQYBX5oQL6oUMOQcL:GP6Us4B8JoQLBsQcL
Score

3^/10
behavioral2
- Target
  
  Components/loader.py
- Size
  
  634B
- MD5
  
  ca35548638710a32f6d4bc1a61a103c5
- SHA1
  
  2703967c4376cc2e0ca20191eff97b85989d8310
- SHA256
  
  e7dbfe873c719006f28e6526ef54215d7b7598bce5566734c552dab9f1f487e6
- SHA512
  
  d1c0839326662b240dfa4bcea7284d261be46e9bb8b03f073e0328e361321f9cdfa740abd4541b2cdc21c806bcd901d3bc3cc36b9f7e0ee6191d189df0533061
Score

3^/10
behavioral3
- Target
  
  Components/postprocess.py
- Size
  
  2KB
- MD5
  
  49075e2d9fc465efc637dec05d1dc8ab
- SHA1
  
  715e7a50e1abc50df13cdb0626a027ce1fd520b5
- SHA256
  
  89074ee03413bc77d02c438831b318a98804823fadb6f972028f7951548a201b
- SHA512
  
  39c79ca0de2046ccb2d6cea4db2e7ebb84dfbc332964cfd6337e421ef4f70a2c0ae99d2154edf78caa2b8f2bb702702b71fbbc72fad2813fb745d96d3d7e05f9
Score

3^/10
behavioral4
- Target
  
  Components/process.py
- Size
  
  8KB
- MD5
  
  bd188d54f63b150b4ed6fad9adb37666
- SHA1
  
  f9c8d9abb5d32cbe1b7af8c2cf972dc311010919
- SHA256
  
  d4ee3542fbc2453c07b8fa9b2a36d49c46cf892dc1163ee345c6a8ef55921f0c
- SHA512
  
  991c7488806f9c5eeb342eedd769c8ad6a13b6a3cff36c76ebea3d721b75925f95add0b3dd36c596b50c8026c89ef3bdd4f268aceb859e19fc461c39d84b1119
- SSDEEP
  
  192:Etw1auOoI8I+IQI2Iz2Iym+IyIQICI0IiIgIcI6ISI+ISIKG2I0U0F+05dkIMN0E:m4iE9pV3522EQTq1o4mG
Score

3^/10
behavioral5
- Target
  
  env/Scripts/dist/RarLng.dll
- Size
  
  954KB
- MD5
  
  9f4c05a96dc3da20b2ef7a353f1d0dca
- SHA1
  
  812e08c4a5e4f5417bbcee82203d61187146a3ca
- SHA256
  
  e11ce184aca39f975ed51fc79b7cf747269c26cf023e2c10f3fe7bc7d1c022a2
- SHA512
  
  2363bfb58c3b5a998f245260139ed1328fef6622ea4f19bb088e64f24fb27753b2b705bccb205111512e5c4cdc1a38c5c9c8a6cb849c7ed6550eaf44b7d59145
- SSDEEP
  
  12288:C9zNS6Kop1AfI50tCFJRiG6n00qvwz0KRwpBd3X3uIIIkIxV0DTbALX:AzNSjq10I50tQPO0q0RpBd3X3B+zALX
Score

1^/10
behavioral6
- Target
  
  env/Scripts/dist/UnRAR.exe
- Size
  
  422KB
- MD5
  
  1ee4846cca962f50c85ae93af0376bd1
- SHA1
  
  4b18a97f070fea94ac896c98b669adab23e07bf2
- SHA256
  
  90c2b2107a22ea8eb3593a155c4c0007b18b1ba552bf65f963c040038da248be
- SHA512
  
  9cb39fd0f55e0b2bf436e6811ac019490596e1b73710cacfa5b024973d68c925bbe408d833eb86ed4f2b0064f158cc754c29e7371ce1470b091b6fbfcb7d6a2f
- SSDEEP
  
  12288:bfZS8F2j18h6zx8sI3GPT4FoMJB68QYjQM:9SO2jwyxFfT4FoMKJYjT
Score

3^/10
behavioral7
- Target
  
  env/Scripts/dist/Uninstall.exe
- Size
  
  429KB
- MD5
  
  62c61b5bc915f81c8038aa83ed1a3b01
- SHA1
  
  d6e611c6bbc3f878e551d12c876b597cb88c2dbc
- SHA256
  
  a4ed7c4c337c1068cfc4298b8c5e166a66a6f6697352b1f3df0b9c9b1428f353
- SHA512
  
  919b4294152403a3be25127fb078a26e540ba5335454e29f865340fb6121c18078e0d1acb5f5d2deb8b8375932eb7d27f472060595020a258ae9639479fbfe53
- SSDEEP
  
  12288:xSXiav7Nwt8OVYPqo3YlgaAMTwBhvBJ/+7IISY1Ar8:AS4qiYlFAM0Bhvn/+h1A8
Score

4^/10
behavioral8
- Target
  
  env/Scripts/dist/WinCon.SFX
- Size
  
  298KB
- MD5
  
  ecf56993b7a05885da9197cd36135cde
- SHA1
  
  914b4b846fea50c857174306bbbd3bac3d42bc6c
- SHA256
  
  283321827c02867eb19a905823a37352942ff59f22bbca55eef1102441385a9e
- SHA512
  
  446b3be933a13ad1e8554fe21da46947e7d559614543b657241c693ce3027ea98dfea429ce1fbb20d01c449a733f21f9554ea60d2fd442379fd8b5c42d23f1bd
- SSDEEP
  
  6144:WJGIe1DI6eXhWWzu6wN+QzkX8xvdYNBI7ND:WJGIeRI6UhWWzpwEQz5xvdd7ND
Score

3^/10

discovery
behavioral9
- Target
  
  env/Scripts/dist/WinCon64.SFX
- Size
  
  349KB
- MD5
  
  a8d5219f446d3c03fa87b4e6ee0c85ae
- SHA1
  
  58f1823f345a0e28e18ec240cfcb03057c2f4aa2
- SHA256
  
  ccf633bc31059fd5ebdb476ab9e0c90a6c986a81a456cdd1455dc814139b871f
- SHA512
  
  e8154a43396b5a37031db3ec3cc686a8679bc6068fc26a1e733d09ea964eae185c07ed13bcf041e992602c371ed2e13ad1f66de5ad51c3f41cb6710eb0e562f9
- SSDEEP
  
  6144:e7Dv+rtYv1C3f6FDA5I9j9G0EEz9B6DrAFeaKKkq2Crl7x:e7CrtQC3f6FDA5I9zE89YDvPKkq/rl7x
Score

1^/10
behavioral10
- Target
  
  env/Scripts/dist/WinConEn.SFX
- Size
  
  294KB
- MD5
  
  d27a3d83167276da2847ec3d385446f7
- SHA1
  
  5a9ff6baf46543c8414e0a387dabd1085bac6a3a
- SHA256
  
  36b6a07833fe16e701c68a6775b711707d962c9057646d7181e762633b07eb9c
- SHA512
  
  e72ee0b8e4b40310bf6b9475a889547df4cc4c43fe1cfbd3dbf8e62600ee7b12af725818ef4c45e4099694f35126851003f3d9756ec7fa3091c83551372d1489
- SSDEEP
  
  6144:lJGIe1DI6eXhWWzu6wN+QzkX8xvdYufYja:lJGIeRI6UhWWzpwEQz5xvdBfYja
Score

3^/10

discovery
behavioral11
- Target
  
  env/Scripts/dist/WinConEn64.SFX
- Size
  
  346KB
- MD5
  
  e882e0122566f8284f1da272b00d50e9
- SHA1
  
  059f73c792739dc0abdf82e0d52dae58cb87a655
- SHA256
  
  3302373d25f68ece20a586e7345f07b02e97e707865eb9c7a582d9f58c5e5622
- SHA512
  
  1770fe7fd0a67fc3d5346b9ae6e39714b59e174240227286a4d1137cdaf5304c25f1ec08de9f4b6ebfc64c03a8d1660fd7505dd2a7d9f72d8e0ee90839c44b06
- SSDEEP
  
  6144:v7Dv+rtYv1C3f6FDA5I9j9G0EEz9B6DrAFeaKKkq2CrTYj:v7CrtQC3f6FDA5I9zE89YDvPKkq/rTYj
Score

1^/10
behavioral12
- Target
  
  env/Scripts/dist/WinRAR.exe
- Size
  
  2.4MB
- MD5
  
  a40c46ea3459f9ac799e87b1945710f1
- SHA1
  
  3128a1535e4c7dfc15581bb171e84c8bcdf29635
- SHA256
  
  a7814203d7a5124fda5c48e02c2856694d584f458f00bb695d63b61d9c3f9005
- SHA512
  
  50be2d8da71d88082cf0162f459b65b5e4e9b422ebad72d1b7005f5a0c9d69678b0054708244561a26abc9b1afcb40cc73a197809540148e71886900a10e5317
- SSDEEP
  
  49152:flLEkH4q8hy1JWFeIrk/agsMod2ZPybt+9ZjeHzNQeyUHBdH3iQ:b4q8hyyCX6HKe9BpyQ
Score

5^/10

persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral13
- Target
  
  env/Scripts/dist/WinRAR/RarLng.dll
- Size
  
  954KB
- MD5
  
  9f4c05a96dc3da20b2ef7a353f1d0dca
- SHA1
  
  812e08c4a5e4f5417bbcee82203d61187146a3ca
- SHA256
  
  e11ce184aca39f975ed51fc79b7cf747269c26cf023e2c10f3fe7bc7d1c022a2
- SHA512
  
  2363bfb58c3b5a998f245260139ed1328fef6622ea4f19bb088e64f24fb27753b2b705bccb205111512e5c4cdc1a38c5c9c8a6cb849c7ed6550eaf44b7d59145
- SSDEEP
  
  12288:C9zNS6Kop1AfI50tCFJRiG6n00qvwz0KRwpBd3X3uIIIkIxV0DTbALX:AzNSjq10I50tQPO0q0RpBd3X3B+zALX
Score

1^/10
behavioral14
- Target
  
  env/Scripts/dist/WinRAR/UnRAR.exe
- Size
  
  422KB
- MD5
  
  1ee4846cca962f50c85ae93af0376bd1
- SHA1
  
  4b18a97f070fea94ac896c98b669adab23e07bf2
- SHA256
  
  90c2b2107a22ea8eb3593a155c4c0007b18b1ba552bf65f963c040038da248be
- SHA512
  
  9cb39fd0f55e0b2bf436e6811ac019490596e1b73710cacfa5b024973d68c925bbe408d833eb86ed4f2b0064f158cc754c29e7371ce1470b091b6fbfcb7d6a2f
- SSDEEP
  
  12288:bfZS8F2j18h6zx8sI3GPT4FoMJB68QYjQM:9SO2jwyxFfT4FoMKJYjT
Score

3^/10
behavioral15
- Target
  
  env/Scripts/dist/WinRAR/Uninstall.exe
- Size
  
  429KB
- MD5
  
  62c61b5bc915f81c8038aa83ed1a3b01
- SHA1
  
  d6e611c6bbc3f878e551d12c876b597cb88c2dbc
- SHA256
  
  a4ed7c4c337c1068cfc4298b8c5e166a66a6f6697352b1f3df0b9c9b1428f353
- SHA512
  
  919b4294152403a3be25127fb078a26e540ba5335454e29f865340fb6121c18078e0d1acb5f5d2deb8b8375932eb7d27f472060595020a258ae9639479fbfe53
- SSDEEP
  
  12288:xSXiav7Nwt8OVYPqo3YlgaAMTwBhvBJ/+7IISY1Ar8:AS4qiYlFAM0Bhvn/+h1A8
Score

4^/10
behavioral16
- Target
  
  env/Scripts/dist/WinRAR/WinCon.SFX
- Size
  
  298KB
- MD5
  
  ecf56993b7a05885da9197cd36135cde
- SHA1
  
  914b4b846fea50c857174306bbbd3bac3d42bc6c
- SHA256
  
  283321827c02867eb19a905823a37352942ff59f22bbca55eef1102441385a9e
- SHA512
  
  446b3be933a13ad1e8554fe21da46947e7d559614543b657241c693ce3027ea98dfea429ce1fbb20d01c449a733f21f9554ea60d2fd442379fd8b5c42d23f1bd
- SSDEEP
  
  6144:WJGIe1DI6eXhWWzu6wN+QzkX8xvdYNBI7ND:WJGIeRI6UhWWzpwEQz5xvdd7ND
Score

3^/10

discovery
behavioral17
- Target
  
  env/Scripts/dist/WinRAR/WinCon64.SFX
- Size
  
  349KB
- MD5
  
  a8d5219f446d3c03fa87b4e6ee0c85ae
- SHA1
  
  58f1823f345a0e28e18ec240cfcb03057c2f4aa2
- SHA256
  
  ccf633bc31059fd5ebdb476ab9e0c90a6c986a81a456cdd1455dc814139b871f
- SHA512
  
  e8154a43396b5a37031db3ec3cc686a8679bc6068fc26a1e733d09ea964eae185c07ed13bcf041e992602c371ed2e13ad1f66de5ad51c3f41cb6710eb0e562f9
- SSDEEP
  
  6144:e7Dv+rtYv1C3f6FDA5I9j9G0EEz9B6DrAFeaKKkq2Crl7x:e7CrtQC3f6FDA5I9zE89YDvPKkq/rl7x
Score

1^/10
behavioral18
- Target
  
  env/Scripts/dist/WinRAR/WinConEn.SFX
- Size
  
  294KB
- MD5
  
  d27a3d83167276da2847ec3d385446f7
- SHA1
  
  5a9ff6baf46543c8414e0a387dabd1085bac6a3a
- SHA256
  
  36b6a07833fe16e701c68a6775b711707d962c9057646d7181e762633b07eb9c
- SHA512
  
  e72ee0b8e4b40310bf6b9475a889547df4cc4c43fe1cfbd3dbf8e62600ee7b12af725818ef4c45e4099694f35126851003f3d9756ec7fa3091c83551372d1489
- SSDEEP
  
  6144:lJGIe1DI6eXhWWzu6wN+QzkX8xvdYufYja:lJGIeRI6UhWWzpwEQz5xvdBfYja
Score

3^/10

discovery
behavioral19
- Target
  
  env/Scripts/dist/WinRAR/WinConEn64.SFX
- Size
  
  346KB
- MD5
  
  e882e0122566f8284f1da272b00d50e9
- SHA1
  
  059f73c792739dc0abdf82e0d52dae58cb87a655
- SHA256
  
  3302373d25f68ece20a586e7345f07b02e97e707865eb9c7a582d9f58c5e5622
- SHA512
  
  1770fe7fd0a67fc3d5346b9ae6e39714b59e174240227286a4d1137cdaf5304c25f1ec08de9f4b6ebfc64c03a8d1660fd7505dd2a7d9f72d8e0ee90839c44b06
- SSDEEP
  
  6144:v7Dv+rtYv1C3f6FDA5I9j9G0EEz9B6DrAFeaKKkq2CrTYj:v7CrtQC3f6FDA5I9zE89YDvPKkq/rTYj
Score

1^/10
behavioral20
- Target
  
  env/Scripts/dist/WinRAR/WinRAR.exe
- Size
  
  2.4MB
- MD5
  
  a40c46ea3459f9ac799e87b1945710f1
- SHA1
  
  3128a1535e4c7dfc15581bb171e84c8bcdf29635
- SHA256
  
  a7814203d7a5124fda5c48e02c2856694d584f458f00bb695d63b61d9c3f9005
- SHA512
  
  50be2d8da71d88082cf0162f459b65b5e4e9b422ebad72d1b7005f5a0c9d69678b0054708244561a26abc9b1afcb40cc73a197809540148e71886900a10e5317
- SSDEEP
  
  49152:flLEkH4q8hy1JWFeIrk/agsMod2ZPybt+9ZjeHzNQeyUHBdH3iQ:b4q8hyyCX6HKe9BpyQ
Score

5^/10

persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral21
- Target
  
  env/Scripts/dist/WinRAR/Zip.SFX
- Size
  
  279KB
- MD5
  
  32389d929fb42fabcd772ba3cbaf24a4
- SHA1
  
  eb3bddf42eec784ee76002a70dd8f9ad0f55f0fc
- SHA256
  
  e28a5cd51ccf09bec05931ff86519baaa2066d992852e0953faa98f98bf3ad45
- SHA512
  
  6555948d74b3b0e633c0786ad2a60e01d7c6b363d83b2a8614bd16840d42fe1f844db0d3c90ec5799457b1f649671ef7e845c11feeb37ef43a03ed689f1d7fd5
- SSDEEP
  
  6144:qxjrrKEf9+eqfWlsURNwyIolvT+tk108n:qxjrr7F5qfMs8WduT+tk108n
Score

3^/10

discovery
behavioral22
- Target
  
  env/Scripts/dist/WinRAR/Zip64.SFX
- Size
  
  317KB
- MD5
  
  9d8ef4e94b72611c084a401e530c9fff
- SHA1
  
  0b68be4b8cb46f9d3b3d49b43dacd163d14f63db
- SHA256
  
  07498e94057a7ce1951525b0a59da5680b622ca7a0de083a9fa6e723bca22098
- SHA512
  
  57a4d756a5a258c2a53a6dfd16cc18468e7ca44f4fbdb8459d52b09ad651a2aa4fc7143126e8630ddb865c081c868a516293b3251a56f4cc694334bcf65e4cf3
- SSDEEP
  
  6144:uQFIrThznza/CYcbpwiHhuX2IodiRT+tk:HIznza/dcK0eZnRT+tk
Score

1^/10
behavioral23
- Target
  
  env/Scripts/dist/WinRAR/ZipEn.SFX
- Size
  
  278KB
- MD5
  
  dd5e37cb05ef290b830e9c031b3baded
- SHA1
  
  a70115bf33449cdb48f6a24ff44a66063b5452c0
- SHA256
  
  8cad25398138830d6f3908a7c8928cd6fc880233cc6fb75bdc79fd3c7c690b3c
- SHA512
  
  76035deeea1f707369f51da09af8f8e29f1e2ff5cc355b6fee06de1fb5824b2de29d5c1826d5b461fc963ed73202899ea55e3bff9a8d23454b6a15e9b23a33fd
- SSDEEP
  
  6144:uxjrrKEf9+eqfWlsURNwyIolROX+t4c08n:uxjrr7F5qfMs8WdcOX+t4c08n
Score

3^/10

discovery
behavioral24
- Target
  
  env/Scripts/dist/WinRAR/ZipEn64.SFX
- Size
  
  317KB
- MD5
  
  8f8cdb74d018e6daa4181944a9308fc4
- SHA1
  
  5dd16945eace609a4626a107c2adcc0e6e372da9
- SHA256
  
  01c4ff5a431e2ff8ade9cb7d892ff2e8add9ff78cc15bc394788f0d7779b7d02
- SHA512
  
  fc57dd7c48154e0640d9bac9120427e84bb678544845d001aa252b4ff3ecca4a962abf772bdc10ead4a2d6d2cb89a0ab370765aa41187f30df76eb316005e912
- SSDEEP
  
  6144:JQFIrThznza/CYcbpwiHhuX2IoditEX+t4:EIznza/dcK0eZntEX+t4
Score

1^/10
behavioral25
- Target
  
  env/Scripts/dist/Zip.SFX
- Size
  
  279KB
- MD5
  
  32389d929fb42fabcd772ba3cbaf24a4
- SHA1
  
  eb3bddf42eec784ee76002a70dd8f9ad0f55f0fc
- SHA256
  
  e28a5cd51ccf09bec05931ff86519baaa2066d992852e0953faa98f98bf3ad45
- SHA512
  
  6555948d74b3b0e633c0786ad2a60e01d7c6b363d83b2a8614bd16840d42fe1f844db0d3c90ec5799457b1f649671ef7e845c11feeb37ef43a03ed689f1d7fd5
- SSDEEP
  
  6144:qxjrrKEf9+eqfWlsURNwyIolvT+tk108n:qxjrr7F5qfMs8WduT+tk108n
Score

3^/10

discovery
behavioral26
- Target
  
  env/Scripts/dist/Zip64.SFX
- Size
  
  317KB
- MD5
  
  9d8ef4e94b72611c084a401e530c9fff
- SHA1
  
  0b68be4b8cb46f9d3b3d49b43dacd163d14f63db
- SHA256
  
  07498e94057a7ce1951525b0a59da5680b622ca7a0de083a9fa6e723bca22098
- SHA512
  
  57a4d756a5a258c2a53a6dfd16cc18468e7ca44f4fbdb8459d52b09ad651a2aa4fc7143126e8630ddb865c081c868a516293b3251a56f4cc694334bcf65e4cf3
- SSDEEP
  
  6144:uQFIrThznza/CYcbpwiHhuX2IodiRT+tk:HIznza/dcK0eZnRT+tk
Score

1^/10
behavioral27
- Target
  
  env/Scripts/dist/ZipEn.SFX
- Size
  
  278KB
- MD5
  
  dd5e37cb05ef290b830e9c031b3baded
- SHA1
  
  a70115bf33449cdb48f6a24ff44a66063b5452c0
- SHA256
  
  8cad25398138830d6f3908a7c8928cd6fc880233cc6fb75bdc79fd3c7c690b3c
- SHA512
  
  76035deeea1f707369f51da09af8f8e29f1e2ff5cc355b6fee06de1fb5824b2de29d5c1826d5b461fc963ed73202899ea55e3bff9a8d23454b6a15e9b23a33fd
- SSDEEP
  
  6144:uxjrrKEf9+eqfWlsURNwyIolROX+t4c08n:uxjrr7F5qfMs8WdcOX+t4c08n
Score

3^/10

discovery
behavioral28
- Target
  
  env/Scripts/dist/ZipEn64.SFX
- Size
  
  317KB
- MD5
  
  8f8cdb74d018e6daa4181944a9308fc4
- SHA1
  
  5dd16945eace609a4626a107c2adcc0e6e372da9
- SHA256
  
  01c4ff5a431e2ff8ade9cb7d892ff2e8add9ff78cc15bc394788f0d7779b7d02
- SHA512
  
  fc57dd7c48154e0640d9bac9120427e84bb678544845d001aa252b4ff3ecca4a962abf772bdc10ead4a2d6d2cb89a0ab370765aa41187f30df76eb316005e912
- SSDEEP
  
  6144:JQFIrThznza/CYcbpwiHhuX2IoditEX+t4:EIznza/dcK0eZntEX+t4
Score

1^/10
behavioral29
- Target
  
  env/Scripts/dist/hacn.exe
- Size
  
  14.9MB
- MD5
  
  2f20a53d05d89d72a94192a6b8098b77
- SHA1
  
  5558fea4d61191ae61f1996a2800b7a17a3f34e0
- SHA256
  
  26c5013c45b75f401bdf8c8389bb66b9f17bdc1cd0851a8b1803ec7a85dbd96a
- SHA512
  
  147e0243ff304aa5316a0e1389f55c969193bf8513e893bf8fe7c1f3d9ff37afbb0cbbeeb966a98fc728e6b81b14bf4e440e5989e485fe461bb8bf7dc93b814e
- SSDEEP
  
  393216:HDfDoc6vWh2uCaoj0wAyvBF21TI6nx0I:Hb7uWhni0wx36
Score

10^/10

milleniumrat credential_access discovery evasion execution persistence rat spyware stealer
- MilleniumRat
  MilleniumRat is a remote access trojan written in C#.
  rat stealer milleniumrat
- Modifies WinLogon for persistence
  persistence
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Stops running service(s)
  evasion execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral30
- Target
  
  env/Scripts/dist/main.py
- Size
  
  268B
- MD5
  
  9b7501423e47e2367d8630517729870a
- SHA1
  
  81bef20b23a905fd25552834eca7a2794bca367e
- SHA256
  
  dbd9e33d2ad8586664c69450e47d8161858b05b3d6b1a16bf1128d1722723b7c
- SHA512
  
  d89782311f5fb79fe76eb6281ce7e307dfc6ad14601ad7f5390c9cbc123a9ddfef0a6a15d1062627154f13b84d2f3a30853cff154314b767e98e4ca45b2c4cfc
Score

3^/10
behavioral31
- Target
  
  gui.py
- Size
  
  37KB
- MD5
  
  9bffb53f9c4b0c6fbaaafc6788d10dcb
- SHA1
  
  21e6a694d34a3fadc8512e34b19f3cad74bf817e
- SHA256
  
  c8189ab063235467a56deeaae2192a4ac0f2be6782b19b3e7dc5358b0223cd3f
- SHA512
  
  e61b0482c67dbd1a39b8ed1421705e4bd698b4f1c94972b9a077a3f1ee7ce24788fa39eca71cc5e211c375c3e819ad4fc33920e0760cc1a525a82d613f5a24f3
- SSDEEP
  
  384:rfjBktbmdL8LxLyLXL9tYh6tr9f2L+vMPNPtLboevPKW6CjkabvLFLC117TDtOyh:r1kk8LxLyLXL9tBtoRn5bLFLzJwaMwYT
Score

3^/10
behavioral32