888rat

Sharing

General

Target

Toolz (astro).zip
Size

139.3MB
Sample

240926-qwjnvashrb
MD5

89a0981199604f671771b557e0f74696
SHA1

2f9490600208f17cdb65c051da5b6f8ac3d2c4c8
SHA256

1a649a20bf9dd6b577ed3051786b97e41e82270d784b2dd4e51a8e952510773f
SHA512

1ccd949e85aea2b32103efa4a39aa16a95c32dde3451ec1459ca655175cb43091c6ea55283debb79360cd18bbbacd365b67f31a456d74a0be4c470a922d23df8
SSDEEP

3145728:5ZparHZgZR/+0kZSi9vTwOgTbt+J7y+rL58Nj6m+ctQ+xhZJZSrIO1iyH:FoGZp+0kEOgTIJ7y+rL5oxaNH

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

127.0.0.1:3232

Attributes

delay
1
install
true
install_file
System 32.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Toolz (astro).zip
- Size
  
  139.3MB
- MD5
  
  89a0981199604f671771b557e0f74696
- SHA1
  
  2f9490600208f17cdb65c051da5b6f8ac3d2c4c8
- SHA256
  
  1a649a20bf9dd6b577ed3051786b97e41e82270d784b2dd4e51a8e952510773f
- SHA512
  
  1ccd949e85aea2b32103efa4a39aa16a95c32dde3451ec1459ca655175cb43091c6ea55283debb79360cd18bbbacd365b67f31a456d74a0be4c470a922d23df8
- SSDEEP
  
  3145728:5ZparHZgZR/+0kZSi9vTwOgTbt+J7y+rL58Nj6m+ctQ+xhZJZSrIO1iyH:FoGZp+0kEOgTIJ7y+rL5oxaNH
Score

1^/10
behavioral1
- Target
  
  888 Rat v1.2.6/888 Rat v1.2.6.exe
- Size
  
  75.0MB
- MD5
  
  ad33064a9ca95c5b3ed45c14b7fe2739
- SHA1
  
  0bd1286fa5fd936a31a4514798daffa444ce8e12
- SHA256
  
  5a14099abd6fe4b396094db7f9911251b25cd57893e14f97a7e7c5f44337bc98
- SHA512
  
  acb056e217edef4639179b24193a454f7e5aade51c1cc972e0458fc23c0ad982323161ad37050a4d849641dbf84719707efdcf4c99ecdf413381e5a752413647
- SSDEEP
  
  1572864:5mhnD+9mK/LnkHD1LYrXatfLllR3RboTmxXlIgU/cNruKPZiv:6nD+UozkJLYrXajR4ElIgU/c5Qv
Score

10^/10

888rat discovery infostealer rat trojan upx
- 888RAT
  888RAT is an Android remote administration tool.
  trojan infostealer rat 888rat
- Android 888 RAT payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral2
- Target
  
  Anarchy Panel.exe
- Size
  
  54.6MB
- MD5
  
  94bac1a0cc0dbac256f0d3b4c90648c2
- SHA1
  
  4abcb8a31881e88322f6a37cbb24a14a80c6eef2
- SHA256
  
  50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94
- SHA512
  
  30ecee38d5d641abaf73e09a23c614cb3b8b84aa1f8ff1818e92c1f2b51bf6841d3e51564aecb5efd01a3d98db88f0938e7dd4ee9c74ca5477785c33c969ffd9
- SSDEEP
  
  786432:RvcKHU1yll1EcgYwm/7hPo9b9DMs2PTUpRYj:lPU4bZwm/NwEIYj
Score

10^/10

asyncrat stealerium default collection discovery evasion execution persistence privilege_escalation rat spyware stealer trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Async RAT payload
  rat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral3
- Target
  
  __MACOSX/Toolz (astro)/._Borat.7z
- Size
  
  176B
- MD5
  
  6fe023634c9e4d7aa45d741cc27f7c38
- SHA1
  
  632185eed0913f9a0757176b8f93ca5164ffa66d
- SHA256
  
  f22584998e4e43ec2ee9208a4442000e68dc394a86e098d14a6a6ca945ae9ff1
- SHA512
  
  bb35b53188c134f5612a70cb17575d19138c52d7c7f64a654bdf544816c1cd8e01d03ac046527512fb431e444e4461143b19f92cc896b04b74eed2b099e8cde1
Score

3^/10
behavioral4
- Target
  
  __MACOSX/Toolz (astro)/._DarkVision Rat.7z
- Size
  
  176B
- MD5
  
  50391083f1f503e2b48e787e70975a83
- SHA1
  
  8bb01e01f5e9ccfbecf68afab49ccaccdb7e4759
- SHA256
  
  cef0b1fb664b72ed672ce42b92df7fbf5aefb75c821bea7850949e92ecbddc9f
- SHA512
  
  fe59462d2ca2433c4ff3ee86b25d09dc32059cd1147f160ac5ec8d7abeb59fec0458718dfa9bbeac98f6fc806461d85716e821fac51324e31a7d911307f440e6
Score

3^/10
behavioral5
- Target
  
  __MACOSX/Toolz (astro)/._LOIC_2.9.9.99 2.zip
- Size
  
  229B
- MD5
  
  37003424c62158b951527d5ecf49b4eb
- SHA1
  
  b219d7dbfed402294620c775d8621d5c1afdd0dd
- SHA256
  
  d55dd04522efa3765bb8ebdc826af2aa806d76674cd07a8d5c3f746c5cdb016c
- SHA512
  
  b5f4c1e8439327549ff3a34aa4f02dcb54b6297c3d51fa8183992f9777146092db87a16e6511164124c2099b2641bac6b0f35f6a7a5e2c13b911a1713a5dcdc7
Score

1^/10
behavioral6
- Target
  
  __MACOSX/Toolz (astro)/._Netflix checker.7z
- Size
  
  176B
- MD5
  
  3fb98ee0cc3fba7a7efbcca62b407461
- SHA1
  
  bf31d00a1267239b5df25745fd0a09d2895ddcad
- SHA256
  
  17374e638d89419c7a7240a8279a83413c3a3dde9d145c7f842f2e1429ee9b36
- SHA512
  
  ceae5cba86b95934a57eb24cd3278513c51e058d1e9848125599e567ba85c56f78cbbe799fa01038e37cac153eaca70cfadfbda5eb3aea9667d4ea6ab8d79eab
Score

3^/10
behavioral7
- Target
  
  __MACOSX/Toolz (astro)/._XBinder V2.7z
- Size
  
  176B
- MD5
  
  4307a3456a0ba3dae9ebc13b2a40cef6
- SHA1
  
  0bdde56b283025857e1b77a4adc55fadd7f48846
- SHA256
  
  af360a10f7890b46897bbbd372fca30f90add070df90c3608d545a76291746ae
- SHA512
  
  83df553730e82306e0d46d78df603a1cea0bd8b8f280d133974cc9a8953faa13dcf65b533eabfe2722049de7f53df1ae44d8e07940fc797462e3fc869e067c19
Score

3^/10
behavioral8