52084aedb0e8da9ccb921e1f3430cad80c7ef56217dffbeec9caee0a9ff85e14

Resubmissions

12/10/2024, 05:27

241012-f5h4kazgll 8

Sharing

Copy URL

Twitter E-mail

General

Target

NullRAT-source.zip
Size

546KB
Sample

241012-f5h4kazgll
MD5

159cb845b37f6935d4f9f23f2b7cf753
SHA1

70363a2e76f34d06f100f2fe110986e59ff59cc8
SHA256

52084aedb0e8da9ccb921e1f3430cad80c7ef56217dffbeec9caee0a9ff85e14
SHA512

1b00b4683c846f43c94c8d72fa6ed0563cbf8d032f51045b574facefb6e8ddb3ea103a66e2848fc266e74842d24b9c55b66dfb6401bfd818d3adf686e488de15
SSDEEP

12288:ntlemY9q6RD8cvKRBhSXYLZIrY1GvryVVDMTzmWWY9ps5Jm:tX6aBLwDy7YT6pY9p6m

Score

8^/10

Malware Config

Targets

- Target
  
  NullRAT-source/NullRAT/RAT.py
- Size
  
  7KB
- MD5
  
  53b9d54a9581a7e043e8267abfeee7bf
- SHA1
  
  621ee8223b64079c5aa68036d8cfc3e7fac2f6fc
- SHA256
  
  a4db7a6f8861e3f554bfb9ced2912d8fe0bbaf74f08d507ee159d1775bfb7990
- SHA512
  
  a91a90fe3a6c290f6a2aed0cc6e1bee7b2a46f50f8294379c5ff3889985a5a1a886e81c10a4e04235e6cea587a78c9ec3024d4d0d5dd9573cb25a7bce4229491
- SSDEEP
  
  192:nOdJkyK1Irlev/Vko1VODfqifRgzTkv2+1M0hW/KPk+O9:nODlev/VNVoRgPkO+10
Score

3^/10
behavioral1
- Target
  
  NullRAT-source/NullRAT/modules/ChangePass.py
- Size
  
  1KB
- MD5
  
  5b0a94cdb69f59d3dc3dbf399c606ef2
- SHA1
  
  6381bf5354edf6a88530821cc7c3cef149cff7f4
- SHA256
  
  0f8d3ae9ffde3ad7724f8dbf5b77f0ec8471ed40864726dd0c35581ec79293e2
- SHA512
  
  a467c4546071c2ab93dfa96d8fc206f2513e224f6f709ceeccf251bec478a243710205150c3d1b55f902173b79592e5b7d00aea77bddeb444452433f82c60358
Score

3^/10
behavioral2
- Target
  
  NullRAT-source/NullRAT/modules/checkedtokens.py
- Size
  
  5KB
- MD5
  
  50b76f61ca6e23fd4914670e40752280
- SHA1
  
  550e40a257da3f67723a1337b0eb712ac776ace6
- SHA256
  
  07728c218c21d6539ce2bc5e68e5d0844a1510ff7b9e7047d950da69c81c154a
- SHA512
  
  e46704198d852ecf66b7d111f649e229b2897b81e2418b5f4427ed7a100840f8e9425f477f9c0ba1a96c8b21350bbb36dc1a0104ecd7797268ddfb12442a6651
- SSDEEP
  
  96:WiWISmmjgSOgJUlJAtvWtWXCYPCy1C/fKCu:9XfTJlKtwnE
Score

3^/10
behavioral3
- Target
  
  NullRAT-source/NullRAT/modules/clipboard.py
- Size
  
  1KB
- MD5
  
  3e8b0933cf21fbba46b5148e31b6189c
- SHA1
  
  ff65f3ebf84bd556dd192cae046a3b0a9a716149
- SHA256
  
  b5d24c0f338e821b6173fd14e23dd3fc1e7940b1ad2e104ee1677b2c68768c16
- SHA512
  
  b35352c600d03bbe126efc4e83f6f0fc6a9d5c48ff6e786214f5bbc7a4f01695ff8ede3e84364486f3401fde65508cd4aadd5c5a723319b5e424e6c1ee7d8661
Score

3^/10
behavioral4
- Target
  
  NullRAT-source/NullRAT/modules/create_new_module.py
- Size
  
  721B
- MD5
  
  41b36a5446a0ad581931e7bc24815f2c
- SHA1
  
  b4e404341181e3b80b183c3415b34d64346712e0
- SHA256
  
  5069cce98f5f93f22fa74300f8fa504240d9b0d7b94991cf51d3494b5680f4f4
- SHA512
  
  3d7f529d0486ef7fc6e86a8a742aa642ae0fe54be7f7849b3f0bebe2d151f156e7b317d964943410c60265337448e59d489bdc47ca2b9b9df2ea5a5f89f6c666
Score

3^/10
behavioral5
- Target
  
  NullRAT-source/NullRAT/modules/directory.py
- Size
  
  8KB
- MD5
  
  54c9a75c34b4a89fc4702b6fd9a200e2
- SHA1
  
  31e353feb3615d38d60b6274a82be7a750786b0c
- SHA256
  
  3073fa67676f1ec8f3fe89c545708e62bd48ffd19a9cfdc11b76b66efcd625c3
- SHA512
  
  62ed58dca41c48f97c28f7ee1fd1012ad84a1d26245e1045d9cb703b9d7c4e4ed5316788e132891e2c716198788c9c42b1129c33c2784d5334ecff7eafd5016b
- SSDEEP
  
  96:8Wi0ScxScKYAJqUS+AhSKI5RYq61vRQBKXCYPCy1C/fKCv:5xhx1sJpQhpI5RYq6ebB
Score

3^/10
behavioral6
- Target
  
  NullRAT-source/NullRAT/modules/geolocate.py
- Size
  
  1KB
- MD5
  
  a4c5fd66f1a5ce4823d9bd2370dcbd95
- SHA1
  
  c7803ac66bba19350e08d9024681dede22ade39d
- SHA256
  
  f65e4d8f566c185be41faf1ec9b5ccaffe18b5251a421594ad58bfe80a52b9eb
- SHA512
  
  c909cddf449a82d8b26142e8d8888ff6e288da0bf93b46c27b0ff4e72beb34264a2aeb24c84caa8dd6563a21d609bd4ec2ae759976a1c1ab5670c279ac4ef8ae
Score

3^/10
behavioral7
- Target
  
  NullRAT-source/NullRAT/modules/getenv.py
- Size
  
  2KB
- MD5
  
  1f0633728de2c79754c5c6edad6343b8
- SHA1
  
  c5a2b3e21e2126fbf667d45aeeeb45a530b7ac91
- SHA256
  
  1515cbae570df7511f40e3f50c6ccc68ead4588df421f51f2ab2b475ba550d71
- SHA512
  
  358e1022f1b50b5d21fa0a69e57c74db436a938d6fcca78536decebe979ac2c0933e956ff8978a74fb8a5e31258952a419bf085657dae4648a59aaf9813c01e9
Score

3^/10
behavioral8
- Target
  
  NullRAT-source/NullRAT/modules/hideFile.py
- Size
  
  1KB
- MD5
  
  cae8e7687405edf9074e1676900464ae
- SHA1
  
  5eed4b0b530e00ec4f62c243848e3015d1d28e3b
- SHA256
  
  c4b392b39cc4199bb76284f94735bd94be2e5bb68d14f4a005eaf27fa7f6519d
- SHA512
  
  7a5c0352ff61e504652209d78a5fd93a6beef0bf7ff5e4572049694bdd48fc27da32e43d6fcddf6fef010122ade1aa232497777f776268b2641d2e6e52f8e95b
Score

3^/10
behavioral9
- Target
  
  NullRAT-source/NullRAT/modules/rawtokens.py
- Size
  
  2KB
- MD5
  
  2d79043b065bc0c85a816f93eb952899
- SHA1
  
  dd17dc2b2008f660cefaf76daf9bb5fdd398bdf7
- SHA256
  
  2de75e95ad10b7727cf85f2349f512966be0f0bba93f45c6c37e56549bf2979e
- SHA512
  
  e761cd2770355ec8aefb1976649f5ce36c68888de45a8ca1443f5f5be5e70917244f5e3495c3d10403994f611df5fc640545f244e3c0c74d4146940d7a2a7dc4
Score

3^/10
behavioral10
- Target
  
  NullRAT-source/NullRAT/modules/receivefiles.py
- Size
  
  2KB
- MD5
  
  14c817fe2e17b4b16e7cae07a65dc475
- SHA1
  
  ad4415e88392f95d3d61e61486c0b3b6067f1dc1
- SHA256
  
  a876f220b3a623705d4c0cf08285295264b4624db301e2423997dad690e3cdff
- SHA512
  
  e5df3350e4bc03844e5b3ab23578867e143e2e41e7b4a180e805095245923f65302aa9dd4e0aa7d35fd4a8dd538914d878b785c3cf5895c045ba3e65704fcc0a
Score

3^/10
behavioral11
- Target
  
  NullRAT-source/NullRAT/modules/runfile.py
- Size
  
  1KB
- MD5
  
  ffec4f5d07a5d410d1a0a48dd3c73875
- SHA1
  
  3cabd480852265a1a244bba5b28b02ea4430f60a
- SHA256
  
  347e6f13003ca6222ad7bb431ee92035a652e6a96af6857f84ac8be2c5d3d8cc
- SHA512
  
  6450c42298df90cb85b0267afd23e149c8a379e64aaf34b49a177269465ddde8098beda041ae2ec7f575e3893cd4ccc45652e48c1bd3125a5d7411e720edff14
Score

3^/10
behavioral12
- Target
  
  NullRAT-source/NullRAT/modules/screenshot.py
- Size
  
  1KB
- MD5
  
  8226d3a37b1b31abb0b37240d1ec30fd
- SHA1
  
  0e549b656a7d6ec410f11d30c6a583bbb17d0bde
- SHA256
  
  c679fb28ffbfb19676cc6e79aeaf5229305b94513936f5649210af585110f93a
- SHA512
  
  92cfe070eff6130d102150d4c7bf5401016c778b215603295c32b9bbec211ba87da52a06accdb1dc3687598f1bdeabf0f0e6c3d6fbd6fbd656b8ca25bf4fe346
Score

3^/10
behavioral13
- Target
  
  NullRAT-source/NullRAT/modules/sendfiles.py
- Size
  
  1KB
- MD5
  
  7c673948443e7509e6da2abdb067c59a
- SHA1
  
  f6dd775b691f88c2f3889548f0f365ffb71c1a0e
- SHA256
  
  0be4ddd2b91060c502dbbe8ae7f6fe77ed016c207dfb1dbe55b0ed372663b1b3
- SHA512
  
  81f6be2471a05fdc1d5e1ec6c251ca243b41b75a208fb180bf0895be5d4fffbe449b30efe7f6433027e5ab26ba0ffff427e2c1b89572f7b225818d955cb4aa44
Score

3^/10
behavioral14
- Target
  
  NullRAT-source/NullRAT/modules/shell.py
- Size
  
  2KB
- MD5
  
  ccce8aa21b4e110c6971b99ccbe1256c
- SHA1
  
  cf22c8ddd98b83111925ee891d68302ebb383f44
- SHA256
  
  1ee197b63c175e94eb3994f14ffe29ddf32961bb86fa6caf5618b7cecc2058da
- SHA512
  
  de9a4ccf58588946bf45707360d19583710403745b2c58ee1c7f030fe3c88739b9f43d0cb5ecfd1755325e1b9adcbf357f0c4aaef5bae4bdb298c098f84138aa
Score

3^/10
behavioral15
- Target
  
  NullRAT-source/NullRAT/modules/startup.py
- Size
  
  2KB
- MD5
  
  fd67fe5aed092fefa392154f1d01c7dd
- SHA1
  
  a08daf6ef3a245fb9662ced06679b4a900895a37
- SHA256
  
  1ef3ff1b8b056ecaad157612229158a6c9c7f1af3c621db2527b175f7013f79d
- SHA512
  
  54ebac20cb012e752629fc3c38682e7c451b8ff8fb23ef452b8a5f25726b5013e4f0739498f5c2e3049f404ee01e044a3528e7b58fdfb5dd148aa4039f147f64
Score

3^/10
behavioral16
- Target
  
  NullRAT-source/NullRAT/modules/systeminfo.py
- Size
  
  1KB
- MD5
  
  d8ff32bc64c8c7ce6ba48c752ba37422
- SHA1
  
  e0686a7dc80718363fd0d06529667d4879542b0c
- SHA256
  
  95a1e49579c2c3083272313234ebc6ff447720871f8be27c9ce5d0be7409714c
- SHA512
  
  2818a6adf12f93990753f50e55eac061c3b9b323f3dd2fd54d2516bf9fab0109daf8202a967d8f45d6f9efa87d8ffe71944e0021ae2bcc7fe59bdb0e34eb87c5
Score

3^/10
behavioral17
- Target
  
  NullRAT-source/NullRAT/modules/tasklist.py
- Size
  
  3KB
- MD5
  
  b97687c00c658beda7a3c672a9f938b9
- SHA1
  
  6214a91682bd23ee60a66b89bb37075a4d7bfdaa
- SHA256
  
  d3e95a0140e5f2c16c91a8d40b3db1096d4df9498b5c35dfb66877fcbde0cc16
- SHA512
  
  22dc5d60cd0c249d41b6fe6b4944de919b9dade78589a1a1f6e969a91584e50f60142c7f1faa70144d06449dbe40ea4cad92512838d97aa2294b7174404b3923
Score

3^/10
behavioral18
- Target
  
  NullRAT-source/NullRAT/modules/unhideFile.py
- Size
  
  1KB
- MD5
  
  ddf588536cd443940fba9159e5c8654e
- SHA1
  
  cb47a65bdd7f4e9a7c605d726d88b0f192232c4c
- SHA256
  
  3addf1cdf92d1fe8af3e28e68ac418c98a08f602be74784d463377ab2b28fb1e
- SHA512
  
  122842f9b911caaa836d71572293c91bf9c4094828bdc34f2a12baecff6fb80018ae7193469fd9f55f88598defba172d5a53080804286aeb64f063dd9bc7bb53
Score

3^/10
behavioral19
- Target
  
  NullRAT-source/NullRAT/modules/webcam.py
- Size
  
  2KB
- MD5
  
  04506fad6ace1bd1af96c31fde8bb34f
- SHA1
  
  30e90dac414a22c9a3e4eb46da272e044e855d96
- SHA256
  
  6e4252d4ccb5ab2b548bff91ceaf46075baef7f02aba34c75e63f6013628add7
- SHA512
  
  cb70ce7d729a9640529ba7ad9e27d406cd8326c134b9301cbeb33492b97a9093a79714ece89d98f83fb1bcc99b86c00d264cc95d43816a2fd1b14a16160532bc
Score

3^/10
behavioral20
- Target
  
  NullRAT-source/NullRAT/modules/wifiList.py
- Size
  
  1KB
- MD5
  
  f4935c63fdad47aba625ce9601258d68
- SHA1
  
  6824669496b9780787472b3f3fe4224e64828d4b
- SHA256
  
  f2245c96bfae900d08404d4cb3a18b37b0812fe20d3cd1263a96e1378e058335
- SHA512
  
  39e0a68fa2c78343eb7e76dc537c4e39782f7d1ee19156c9d122f06605f649107f4cb478ad0f726743aca7d92ea0a9ee6e13a8352dbfbb7b0a6475ee2c03edba
Score

3^/10
behavioral21
- Target
  
  NullRAT-source/NullRAT/modules/wifiPass.py
- Size
  
  1KB
- MD5
  
  d20eed45aab6d8de5e01c3978cad5131
- SHA1
  
  7f372e10a74f4b9535d9e750a474ded75c61208e
- SHA256
  
  096eb796aafb67885289c65a4ec32afad102747bc3a66489884f031cf435eed1
- SHA512
  
  c3ce1dfa935df7b00e15f1481dd422a77e5180ac9417a810435b7f39b1cfd7535e885d975e6f95466bd3d038ef2472d74b3ed68d2c3d56f85c3a8595c25e618c
Score

3^/10
behavioral22
- Target
  
  NullRAT-source/NullRAT/upx/upx.exe
- Size
  
  518KB
- MD5
  
  b954c652909e881175aeac88a36da5ee
- SHA1
  
  f952663cd836123139a796e805e0c898dee16497
- SHA256
  
  5e1a476c36e19750a0aa4b2460ed54c14d94bcb41f70ed489e1eb87da6d4744f
- SHA512
  
  8e56fbdf29ed3879459bc3fc1a8ca717bceface29803ffcb5eb6605d66105b52245bdf698428c8a74a744cbc9a6d8536dc348deaeece33fa5aa098902d36c4d4
- SSDEEP
  
  12288:z0lFv0LVXFGoNOl51aBlXRVRnUAqxqWfbOJv+kDoXkwawLau:wFeV17NOl51kVRVRZkqWfEbDoXk8
Score

5^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral23
- Target
  
  NullRAT-source/compiler.nim
- Size
  
  19KB
- MD5
  
  33c6bf6ba8de501edabed6345a34e5f8
- SHA1
  
  efde12b4dfe361b355e83343ca3f3e89ab11dafd
- SHA256
  
  88220cbcb738fc27179dc68f31880dbb3634d0027065c4d0a144d25b8310da0c
- SHA512
  
  207d64d1c8008ec7ec0369f4f45f193af51fdc96f44755eba66c9b0348668b12a93c26c94f2a3dc9d9070769c15f96b55002aa90a9d757a74eeb07a46f760f79
- SSDEEP
  
  384:oyPEkz+AxusTpYGoHzITH4sHiIuHFOZ0Xf1s8oyDAAntmO:REk5KGIFVntp
Score

3^/10

execution
behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24