General
Target: Toolz (astro).zip
Size: 139.3MB
Sample: 240926-qwjnvashrb
MD5: 89a0981199604f671771b557e0f74696
SHA1: 2f9490600208f17cdb65c051da5b6f8ac3d2c4c8
SHA256: 1a649a20bf9dd6b577ed3051786b97e41e82270d784b2dd4e51a8e952510773f
SHA512: 1ccd949e85aea2b32103efa4a39aa16a95c32dde3451ec1459ca655175cb43091c6ea55283debb79360cd18bbbacd365b67f31a456d74a0be4c470a922d23df8
SSDEEP: 3145728:5ZparHZgZR/+0kZSi9vTwOgTbt+J7y+rL58Nj6m+ctQ+xhZJZSrIO1iyH:FoGZp+0kEOgTIJ7y+rL5oxaNH
Behavioral tasks
behavioral1
  Sample: Toolz (astro).zip
  Resource: win10-20240404-en
behavioral2
  Sample: 888 Rat v1.2.6/888 Rat v1.2.6.exe
  Resource: win10-20240404-en
behavioral3
  Sample: Anarchy Panel.exe
  Resource: win10-20240404-en
behavioral4
  Sample: __MACOSX/Toolz (astro)/._Borat.7z
  Resource: win10-20240611-en
behavioral5
  Sample: __MACOSX/Toolz (astro)/._DarkVision Rat.7z
  Resource: win10-20240404-en
behavioral6
  Sample: __MACOSX/Toolz (astro)/._LOIC_2.9.9.99 2.zip
  Resource: win10-20240404-en
behavioral7
  Sample: __MACOSX/Toolz (astro)/._Netflix checker.7z
  Resource: win10-20240404-en
behavioral8
  Sample: __MACOSX/Toolz (astro)/._XBinder V2.7z
  Resource: win10-20240404-en
Malware Config
Extracted
  Family: asyncrat
  Botnet: Default
  C2: 127.0.0.1:3232
  Attributes:
    delay: 1
    install: true
    install_file: System 32.exe
    install_folder: %AppData%
Targets

Target: Toolz (astro).zip
Size: 139.3MB
MD5: 89a0981199604f671771b557e0f74696
SHA1: 2f9490600208f17cdb65c051da5b6f8ac3d2c4c8
SHA256: 1a649a20bf9dd6b577ed3051786b97e41e82270d784b2dd4e51a8e952510773f
SHA512: 1ccd949e85aea2b32103efa4a39aa16a95c32dde3451ec1459ca655175cb43091c6ea55283debb79360cd18bbbacd365b67f31a456d74a0be4c470a922d23df8
SSDEEP: 3145728:5ZparHZgZR/+0kZSi9vTwOgTbt+J7y+rL58Nj6m+ctQ+xhZJZSrIO1iyH:FoGZp+0kEOgTIJ7y+rL5oxaNH
Score: 1/10

Target: 888 Rat v1.2.6/888 Rat v1.2.6.exe
Size: 75.0MB
MD5: ad33064a9ca95c5b3ed45c14b7fe2739
SHA1: 0bd1286fa5fd936a31a4514798daffa444ce8e12
SHA256: 5a14099abd6fe4b396094db7f9911251b25cd57893e14f97a7e7c5f44337bc98
SHA512: acb056e217edef4639179b24193a454f7e5aade51c1cc972e0458fc23c0ad982323161ad37050a4d849641dbf84719707efdcf4c99ecdf413381e5a752413647
SSDEEP: 1572864:5mhnD+9mK/LnkHD1LYrXatfLllR3RboTmxXlIgU/cNruKPZiv:6nD+UozkJLYrXajR4ElIgU/c5Qv
Signatures:
  Android 888 RAT payload
  ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
  Executes dropped EXE
  Loads dropped DLL
  AutoIT Executable: AutoIT scripts compiled to PE executables.

Target: Anarchy Panel.exe
Size: 54.6MB
MD5: 94bac1a0cc0dbac256f0d3b4c90648c2
SHA1: 4abcb8a31881e88322f6a37cbb24a14a80c6eef2
SHA256: 50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94
SHA512: 30ecee38d5d641abaf73e09a23c614cb3b8b84aa1f8ff1818e92c1f2b51bf6841d3e51564aecb5efd01a3d98db88f0938e7dd4ee9c74ca5477785c33c969ffd9
SSDEEP: 786432:RvcKHU1yll1EcgYwm/7hPo9b9DMs2PTUpRYj:lPU4bZwm/NwEIYj
Signatures:
  Async RAT payload
  .NET Reactor protector: Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
  Executes dropped EXE
  Loads dropped DLL
  Accesses Microsoft Outlook profiles
  Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
  Looks up geolocation information via web service: Uses a legitimate geolocation service to find the infected system's geolocation info.

Target: __MACOSX/Toolz (astro)/._Borat.7z
Size: 176B
MD5: 6fe023634c9e4d7aa45d741cc27f7c38
SHA1: 632185eed0913f9a0757176b8f93ca5164ffa66d
SHA256: f22584998e4e43ec2ee9208a4442000e68dc394a86e098d14a6a6ca945ae9ff1
SHA512: bb35b53188c134f5612a70cb17575d19138c52d7c7f64a654bdf544816c1cd8e01d03ac046527512fb431e444e4461143b19f92cc896b04b74eed2b099e8cde1
Score: 3/10

Target: __MACOSX/Toolz (astro)/._DarkVision Rat.7z
Size: 176B
MD5: 50391083f1f503e2b48e787e70975a83
SHA1: 8bb01e01f5e9ccfbecf68afab49ccaccdb7e4759
SHA256: cef0b1fb664b72ed672ce42b92df7fbf5aefb75c821bea7850949e92ecbddc9f
SHA512: fe59462d2ca2433c4ff3ee86b25d09dc32059cd1147f160ac5ec8d7abeb59fec0458718dfa9bbeac98f6fc806461d85716e821fac51324e31a7d911307f440e6
Score: 3/10

Target: __MACOSX/Toolz (astro)/._LOIC_2.9.9.99 2.zip
Size: 229B
MD5: 37003424c62158b951527d5ecf49b4eb
SHA1: b219d7dbfed402294620c775d8621d5c1afdd0dd
SHA256: d55dd04522efa3765bb8ebdc826af2aa806d76674cd07a8d5c3f746c5cdb016c
SHA512: b5f4c1e8439327549ff3a34aa4f02dcb54b6297c3d51fa8183992f9777146092db87a16e6511164124c2099b2641bac6b0f35f6a7a5e2c13b911a1713a5dcdc7
Score: 1/10

Target: __MACOSX/Toolz (astro)/._Netflix checker.7z
Size: 176B
MD5: 3fb98ee0cc3fba7a7efbcca62b407461
SHA1: bf31d00a1267239b5df25745fd0a09d2895ddcad
SHA256: 17374e638d89419c7a7240a8279a83413c3a3dde9d145c7f842f2e1429ee9b36
SHA512: ceae5cba86b95934a57eb24cd3278513c51e058d1e9848125599e567ba85c56f78cbbe799fa01038e37cac153eaca70cfadfbda5eb3aea9667d4ea6ab8d79eab
Score: 3/10

Target: __MACOSX/Toolz (astro)/._XBinder V2.7z
Size: 176B
MD5: 4307a3456a0ba3dae9ebc13b2a40cef6
SHA1: 0bdde56b283025857e1b77a4adc55fadd7f48846
SHA256: af360a10f7890b46897bbbd372fca30f90add070df90c3608d545a76291746ae
SHA512: 83df553730e82306e0d46d78df603a1cea0bd8b8f280d133974cc9a8953faa13dcf65b533eabfe2722049de7f53df1ae44d8e07940fc797462e3fc869e067c19
Score: 3/10
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)