Overview

overview

10

Static

static

10

SheetRat/....7/.suo

windows7-x64

3

SheetRat/....7/.suo

windows10-2004-x64

3

SheetRat/C...d.json

windows7-x64

3

SheetRat/C...d.json

windows10-2004-x64

3

SheetRat/C...er.exe

windows7-x64

3

SheetRat/C...er.exe

windows10-2004-x64

3

SheetRat/G...re.dll

windows7-x64

1

SheetRat/G...re.dll

windows10-2004-x64

1

SheetRat/G...ms.dll

windows7-x64

1

SheetRat/G...ms.dll

windows10-2004-x64

1

SheetRat/I...or.dll

windows7-x64

1

SheetRat/I...or.dll

windows10-2004-x64

1

SheetRat/I...ip.dll

windows7-x64

1

SheetRat/I...ip.dll

windows10-2004-x64

1

SheetRat/Maps.json

windows7-x64

3

SheetRat/Maps.json

windows10-2004-x64

3

SheetRat/M...gn.dll

windows7-x64

1

SheetRat/M...gn.dll

windows10-2004-x64

1

SheetRat/M...ts.dll

windows7-x64

1

SheetRat/M...ts.dll

windows10-2004-x64

1

SheetRat/M...rk.dll

windows7-x64

1

SheetRat/M...rk.dll

windows10-2004-x64

1

SheetRat/NAudio.dll

windows7-x64

1

SheetRat/NAudio.dll

windows10-2004-x64

1

SheetRat/N...on.dll

windows7-x64

1

SheetRat/N...on.dll

windows10-2004-x64

1

SheetRat/P...un.dll

windows7-x64

1

SheetRat/P...un.dll

windows10-2004-x64

1

SheetRat/P...at.dll

windows7-x64

1

SheetRat/P...at.dll

windows10-2004-x64

1

SheetRat/P...rd.dll

windows7-x64

1

SheetRat/P...rd.dll

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    SheetRat.rar

  • Size

    37.7MB

  • Sample

    240911-fgb1catclp

  • MD5

    96d78f64bf35d1e7eab9fdd4a94024a5

  • SHA1

    f582887a37470a652673feb97731eec440963bdb

  • SHA256

    8582552daef598956aa6dc1eaf9626318e52517df7363235c392b95945a06ea4

  • SHA512

    ae6ccfa3b6233579e073d83aaaab71f83aa9e297bf47078c80e32ee6b40de93f6ba0bdfc8979097869370cc7eb852598e9934ae2142a3a04c98a85894988e30b

  • SSDEEP

    786432:Y2Tlr1cRNg/2pMD3cXPz2QmpUQEGLEVVSgA9bU4ND3S6iO:zr+gewsfz2QmpUWLE+04NzRiO

Score
10/10
xmrigdiscoveryminerpyinstaller

Malware Config

Targets

    • Target

      SheetRat/.vs/Server/v17/.suo

    • Size

      7KB

    • MD5

      d9ab89cf476f286145da0299c5e1b46c

    • SHA1

      df3da6f72a67e1ecc3dc9beef5dff5c35946361a

    • SHA256

      399fe53ead04b183dba30789e4daf707ab151da78274774ce03dc3208fb2e62f

    • SHA512

      21c4dc9bb9e4d20555d0c74ba64b9822a2740a80a1e1834be687e445f43dfac1e5a33368c481e512e752a06b724549dfec2df26b6c775fd22f37d101401bbab5

    • SSDEEP

      24:r+kXQf2XS1XQf2XZM0djsGNtu0djNNMxduC4u2GOC2yhCNkCtCPOC2yhCNkCtChr:r+NBMhzNx/Joyey/6fr6fMJ

    Score
    3/10
    discovery
    behavioral1behavioral2

    • Target

      SheetRat/ConfigBulid.json

    • Size

      5.0MB

    • MD5

      3f1a40c2800334a7ba3df90e529471c0

    • SHA1

      eea4c44fb3e7d0f55f6a57821d0501b039084f0c

    • SHA256

      68ae27511e7f065142ef546d777554636065290af48dbd5f4a1c1087477e4ec6

    • SHA512

      2b6673b77d050fe93801646e284c1876d3105094b6dce12a9f790b58db41987565332cefc1909aaec9fdc1b9936894f0ac3717ba1164d605020ce9157803eb5d

    • SSDEEP

      49152:DXIvJr3qnX+svyOveDTL7ceGSrq5ECs64l/WrBa2BFquUHhqcxxzdjyA+:V

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      SheetRat/Confused/Server.exe

    • Size

      1.8MB

    • MD5

      2f4953747860b6b9f5e2d281ad7b33ed

    • SHA1

      b3c494f18efc33201bfeb70c46a20305e9e6a4c1

    • SHA256

      b497e24534343529d5393ebdbb2d9f7418ee984621a1ac17c61f6b69a19ea548

    • SHA512

      e64337f8cb3491b0962c9caa6a44fb6dbeb4d439b1ea9959475b85244537ada732a894199c77f56c92fa28f676ffac371c84769acdcac7400493f9042710c765

    • SSDEEP

      24576:IpU3em+XAPv+yqIflXp8QuPPWijaVjZ3XNS/c6vRpoEosA7iNP:HL+pynt5eFWVjZHN8Tis4iNP

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      SheetRat/GMap.NET.Core.dll

    • Size

      2.9MB

    • MD5

      819352ea9e832d24fc4cebb2757a462b

    • SHA1

      aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11

    • SHA256

      58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86

    • SHA512

      6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a

    • SSDEEP

      49152:ot12Gb/hz7ZsK9qY5uyUW57VC4IB1+fXhQ1hyCzMw/22fSg7gjxhUE/nbTC0xemh:oLbteKb57W1+PhQ1HM1gmJ/SZmh

    Score
    1/10
    behavioral7behavioral8

    • Target

      SheetRat/GMap.NET.WindowsForms.dll

    • Size

      147KB

    • MD5

      32a8742009ffdfd68b46fe8fd4794386

    • SHA1

      de18190d77ae094b03d357abfa4a465058cd54e3

    • SHA256

      741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365

    • SHA512

      22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b

    • SSDEEP

      3072:k1GmgYqIY/0YSDBRGlDUqL63budipxj64m8HWYh3vHbFwMhLJSb+:lIO6rGloqL63qW62lJ

    Score
    1/10
    behavioral10behavioral9

    • Target

      SheetRat/IconExtractor.dll

    • Size

      10KB

    • MD5

      640d8ffa779c6dd5252a262e440c66c0

    • SHA1

      3252d8a70a18d5d4e0cc84791d587dd12a394c2a

    • SHA256

      440912d85d2f98bb4f508ab82847067c18e1e15be0d8ecdcff0cc19327527fc2

    • SHA512

      e12084f87bd46010aded22be30e902c5269a6f6bc88286d3bef17c71d070b17beada0fe9e691a2b2f76202b5f9265329f6444575f89aff8551c486eafe4d5f32

    • SSDEEP

      192:7f77J4cGYyfQknxLvIgyLY5xJeU5pPpZlEAs:HS2yINgyLYLJR5wl

    Score
    1/10
    behavioral11behavioral12

    • Target

      SheetRat/Ionic.Zip.dll

    • Size

      451KB

    • MD5

      6ded8fcbf5f1d9e422b327ca51625e24

    • SHA1

      8a1140cebc39f6994eef7e8de4627fb7b72a2dd9

    • SHA256

      3b3e541682e48f3fd2872f85a06278da2f3e7877ee956da89b90d732a1eaa0bd

    • SHA512

      bda3a65133b7b1e2765c7d07c7da5103292b3c4c2f0673640428b3e7e8637b11539f06c330ab5d0ba6e2274bd2dcd2c50312be6579e75c4008ff5ae7dae34ce4

    • SSDEEP

      6144:leSYvQAd10GtSV41OJDsTDDVUMle6ZjxLV/rHo0Oaaz2R9IY:oJBdBS4msNUCe65frHMnz2R9

    Score
    1/10
    behavioral13behavioral14

    • Target

      SheetRat/Maps.json

    • Size

      120B

    • MD5

      26ae282c0d2b57ecb59df352a5087034

    • SHA1

      1845272cb1eb13dc3f67988dbbd5c2957c776d1f

    • SHA256

      f2cceebed9f1a3bc6144b7401294be23efe2ca4ac3611e85b828a4e759cd560e

    • SHA512

      71ea8c3f36cf9ad81545629a7cf6afd13b68bc941d70d5553592d1bb8bf6cd63ee09c3d9f9ce2de52e36264f149fd21695d1e28f116367ac0a743ebdba49226f

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      SheetRat/MetroFramework.Design.dll

    • Size

      16KB

    • MD5

      ab4c3529694fc8d2427434825f71b2b8

    • SHA1

      7be378e382e43eae84f1567b3570bca9a67e7697

    • SHA256

      0a4a96082e25767e4697033649b16c76a652e120757a2cecab8092ad0d716b65

    • SHA512

      02d7935f68c30457da79ad7b039b22caed11d8aedfec7c96619ac6da59ceb7c5e7a758dced64ec02d31c37a2befccdc8eb59be9e2dc849aa2bc22fabb5fa00a5

    • SSDEEP

      384:HYAB8KPALBamLG3gckiBTVU6sgFf5L7WTOYKpKG4rw:HyLBamS3gckiBTVkgiVXr

    Score
    1/10
    behavioral17behavioral18

    • Target

      SheetRat/MetroFramework.Fonts.dll

    • Size

      656KB

    • MD5

      65ef4b23060128743cef937a43b82aa3

    • SHA1

      cc72536b84384ec8479b9734b947dce885ef5d31

    • SHA256

      c843869aaca5135c2d47296985f35c71ca8af4431288d04d481c4e46cc93ee26

    • SHA512

      d06690f9aac0c6500aed387f692b3305dfc0708b08fc2f27eaa44b108908ccd8267b07f8fb8608eef5c803039caeabf8f88a18b7e5b1d850f32bbb72bcd3b0b7

    • SSDEEP

      12288:O+/9JcJlYqCNktA+SXfGpq2fHowSqCNktA+SXfvJR9FrIJJaqCNktA+SXfUC:O+/3qlrCNoh+UqgIwhCNoh+JR9FrIJJw

    Score
    1/10
    behavioral19behavioral20

    • Target

      SheetRat/MetroFramework.dll

    • Size

      345KB

    • MD5

      34ea7f7d66563f724318e322ff08f4db

    • SHA1

      d0aa8038a92eb43def2fffbbf4114b02636117c5

    • SHA256

      c2c12d31b4844e29de31594fc9632a372a553631de0a0a04c8af91668e37cf49

    • SHA512

      dceb1f9435b9479f6aea9b0644ba8c46338a7f458c313822a9d9b3266d79af395b9b2797ed3217c7048db8b22955ec6fe8b0b1778077fa1de587123ad9e6b148

    • SSDEEP

      6144:M4S7k5hdCpU4YqfkUGz6KpQQZQHDXjNCdOZgLdL5DXBK:M4S7k5hdCEQHP1Zgj

    Score
    1/10
    behavioral21behavioral22

    • Target

      SheetRat/NAudio.dll

    • Size

      464KB

    • MD5

      2e68aeb46e26a29ffe74cf97b94cbaf0

    • SHA1

      9384fa2946f744be3b47e131df14cbc0632052d2

    • SHA256

      8e347abc9301d67dd7493a0fbbe5cc1f912900c204a84220cc8cdf0e0b8df0de

    • SHA512

      39e56b0dd316e9a927ffeff486969f2a472f9b262b6a131afa60c34baa01784cde9cc6944f1a46ee73f3cc7135cb0049cc5a4bdfa419fab37667829522f6e7c9

    • SSDEEP

      6144:igY2UEI+85kQDHzER++2a4cSuEsHTyRwl0AYTA7qkpRMUwbX/1rFXF:TY/HXQl40HHdS4qYWN1F

    Score
    1/10
    behavioral23behavioral24

    • Target

      SheetRat/Newtonsoft.Json.dll

    • Size

      695KB

    • MD5

      195ffb7167db3219b217c4fd439eedd6

    • SHA1

      1e76e6099570ede620b76ed47cf8d03a936d49f8

    • SHA256

      e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

    • SHA512

      56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

    • SSDEEP

      12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/

    Score
    1/10
    behavioral25behavioral26

    • Target

      SheetRat/Plugins/AutoRun.dll

    • Size

      12KB

    • MD5

      2d1298818aa582a1f1dd51dedf879cbf

    • SHA1

      429d01cabab977bcade38754ed28d8793ce1592d

    • SHA256

      f8c4e2f96fe1030a276cd7fb6c5e5a0a675f953f2b33db08fdff3d472658d098

    • SHA512

      0f482a322df5ee24c99348ea084bb358e37c7a8137afa46132aa7c06f1119c12b5ac711344263eb9556ce179738bebe58af6fd72c57933d8ae2a7d60dfba71fd

    • SSDEEP

      192:MIoRKIwOQJOsOTtiavNAf9/HFd8BPCP2a2uPzNcg8wFlxUSod:aRKDOaOsOTtiaVk9/lYPCP2a2uxZISM

    Score
    1/10
    behavioral27behavioral28

    • Target

      SheetRat/Plugins/Chat.dll

    • Size

      14KB

    • MD5

      61f46a6a9dd8464648fc70402aad5fa7

    • SHA1

      6f527ab6fc489df4c3882ab32f9cbcf3abc2f17f

    • SHA256

      68c12c72a722fbf333352aad3308d297642e81d3298a9db7a10fbaf9042aea52

    • SHA512

      44263c4bad2d2c17a1e87d682dada5855c31c8018ea8f28aaec5746a87643c29aa1554bc8a8da774f2bd43dc9009f4e721191c9fbe3a12b60c85ce028e556256

    • SSDEEP

      192:fclXwW7eCEW0aGMuisfC5GsTT9gsn9Tu5IPa9iiAKxfjd:Ulg2eBH7isK5Gs+09Tu5IPpiA4fjd

    Score
    1/10
    behavioral29behavioral30

    • Target

      SheetRat/Plugins/Clipboard.dll

    • Size

      9KB

    • MD5

      d923f938fa89c84fe23cc827e4d71724

    • SHA1

      9c9a4d7a8b15b2e4a192f6d961c1241cb4d5326e

    • SHA256

      343c783191ce6fa824d6b64cb870b1f7fd41fe4cbdf0e17600d3615c444faa41

    • SHA512

      bc6766b5ba446034933a7031435056bbc93ce3f1ec2bbc8a6a98e4b0fa7bc708732b6c7bb4abf3dc7aba277b6f76100540fdb9ba85d8672d0cc778a4c3efd9ec

    • SSDEEP

      96:YCM73NjKIwOQcOsOC2708r4l+RnMqPM2cwRM92tTHoMbqLO:1iJKIwOQcOsOz7Jrh1WAC4tTIMbqq

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

pyinstallerminerxmrig
Score
10/10

behavioral1

discovery
Score
3/10

behavioral2

Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

discovery
Score
3/10

behavioral16

Score
3/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10