Overview
General
-
Target
SkibidiRat.rar
-
Size
15.7MB
-
Sample
241116-qq11yaxejd
-
MD5
b84a38504866111a035a9e567ead6ca3
-
SHA1
5ef7181ca36b0a237a9e76132c5932e5ffcd16d6
-
SHA256
671c2b036deed4e63f32adb4834fc6b2d9479d04a64025fa0245e6797add02e6
-
SHA512
c84237ff1335f91a0aae7d84352fb448736a2832d4607644f9029b8b4f4e1bb0ec30f76db2e597d98b60d24fe328da992790f79323a9a0d09f1fe5f92bfa9a79
-
SSDEEP
393216:QKiDspAE+d0SUbaceHogUhh35S9CtIdwZfBNZBhM1HzfyQZCnbnpjdD:niDsMd+bacGqhpICQwRm1HrZcnbnp9
Behavioral task | Sample | Resource
behavioral1 | Plugins/0guo3zbo66fqoG.dll | win11-20241023-en
behavioral2 | Plugins/59Zp7paEHDF7luJ.dll | win11-20241023-en
behavioral3 | Plugins/9Ood5SWkbwPn.exe | win11-20241007-en
behavioral4 | Plugins/EVa7gBMKoaHmLC.dll | win11-20241007-en
behavioral5 | Plugins/FBSyChwp.dll | win11-20241007-en
behavioral6 | Plugins/G3nl0mDcABnDuZ.dll | win11-20241007-en
behavioral7 | Plugins/K8oCBS3ThnW0WP.dll | win11-20241007-en
behavioral8 | Plugins/KNTmoSnG.AnarHs.dll | win11-20241007-en
behavioral9 | Plugins/PK0TcnqTGFagQTS.dll | win11-20241007-en
behavioral10 | Plugins/Recovery.dll | win11-20241023-en
behavioral11 | Plugins/RssCnLKcGRxj.dll | win11-20241007-en
behavioral12 | Plugins/WkUP83aP9CABpi.dll | win11-20241007-en
behavioral13 | Plugins/fzAgyDYa.dll | win11-20241007-en
behavioral14 | Plugins/mML6WKMqdxjDGA.dll | win11-20241007-en
behavioral15 | Plugins/maSN8TBMgUEC.dll | win11-20241007-en
behavioral16 | Plugins/oYsKwDG.dll | win11-20241007-en
behavioral17 | Plugins/sJ88z8tsg5XzK.dll | win11-20241007-en
behavioral18 | Plugins/yL9x34D8X3oO2P.dll | win11-20241007-en
behavioral19 | Plugins/zVvPGvK64uLS.dll | win11-20241007-en
behavioral20 | Stub/Stub.exe | win11-20241007-en
Malware Config
Extracted
arrowrat
identifier
IP:PORT
mutex
Extracted
asyncrat
Default
natural-familiar.gl.at.ply.gg:65030
delay: 1
install: true
install_file: search.exe
install_folder: %AppData%
Targets
-
-
Target
Plugins/0guo3zbo66fqoG.dll
-
Size
78KB
-
MD5
e4ebcf76ff80ef398d3ab77d577f4c08
-
SHA1
cb9e6b30a63d50ae87610f6855b64abfb25691d2
-
SHA256
9661b1abc9a3e95e591c49c3838a64a066a2ff3c6de08d8aa7b541c4a75cd8e5
-
SHA512
8f37cedd987dd14181fdfa861b8a95271868dac21aa9df80bd6daa831ae20f4b4965c8be3e36f32aa220bd37ded11a7568ae237c9c9641bb4fc087f6fe104b01
-
SSDEEP
1536:+gqK9OLThWUkwSOykrJROOwj5vCSnVcnwwxu8NMsuS73O4VKid/:1OBX/xFwj5vCSnSwwjNH3O4xd
Score: 1/10
-
-
Target
Plugins/59Zp7paEHDF7luJ.dll
-
Size
4.0MB
-
MD5
15e3d44d37439f3ac8574ac1c9789ec2
-
SHA1
bb3ef30e9f4496198f412738579966210ade36e0
-
SHA256
5db4c26057a05bb75ff7892fb60fd76620fc2228811d913d152a0aa4ec9db7a5
-
SHA512
ff358c9896792017ff7e91f1dedffd9d75a099c5b852da19599799aeca20b6b269267ff7c12c918a2530fe1a79a12bc8796c4eb3914c97faba3eba27388abde1
-
SSDEEP
24576:L2RBtpr5ljLyeVKbed1BeaPc9oFf/V5V4IeDHRbtg58jVh6zBRkM8eJkhjpSLZFb:L2jXr5ZtVKYzX/LV4k58M8eJkhj
Score: 1/10
-
-
Target
Plugins/9Ood5SWkbwPn.AnarHs
-
Size
138KB
-
MD5
2cf2efcc0e1d910d2d9c933ca73055d0
-
SHA1
3bb08f4532f80bf0cd5a36f26393ba00beadb8eb
-
SHA256
2475c46eba856424c41cf41db71fd5d6089e8be9031b35279f051da760aa216f
-
SHA512
e16ca929bf2c7654251b02946fa7954f89971a27750e05c502acede063a55d88df16fb297c40c7bf54e04ea173cb6c3527e65ca98ad2280543e00e9ef6fa9390
-
SSDEEP
3072:ubvh/X2z7Bqh1v59Y08mAjs0Ltel+qOeJHlpV8b+Y/Yi:ubvhPi7BqjjYHdrqkL/
Score: 10/10
Arrowrat family
-
-
-
Target
Plugins/EVa7gBMKoaHmLC.dll
-
Size
170KB
-
MD5
64a3d908b8a5feff2bccfc67f3a67dbd
-
SHA1
a17d7e5fa57c99a067cac459cb507b625dac254e
-
SHA256
6ea1ae7ab496666c0117fc20e704bfb6104b13cfb0408073a09689f863fa64b1
-
SHA512
66374d720230799bea6ac6cfe3faadc37fd775a49d40c04facae1caf1ec658956bbda54ba75287d7128b19b97971bd933a64469da8e0884225c5a8d8b9423ccc
-
SSDEEP
3072:/bFHKx2Vpgdk6BCNs19kPVoPsb7oR4ZkvEfxMxf4t8BkVb0Uc:/TVpgdkpNs19I6Pe7oR4ZAEfx+LiVb
Score: 1/10
-
-
Target
Plugins/FBSyChwp.dll
-
Size
170KB
-
MD5
0d41ccfaa8e7ef96248b8270d1a44d08
-
SHA1
6ee22bdb91d3a18e0b45b6590eb69bc9a0b02326
-
SHA256
0ea38d0d964815e2b84748a78bd5a829ae01586478e5f17b976f1ae763c8dec3
-
SHA512
a0f236f6dbeb1763fb1c198616de65b907a3a5edf7ed9435c2ad0b5826d84e9d2f25e96aba4e8b681ef495612cf0e04e929427a92d332164ace89e797bcb0e0e
-
SSDEEP
3072:OXwOuoHBhyYr+x5IA+1gUtaEKJ8px4e1hkamm9RyxLeN/dIfMU+:awOuYr05T+KUtaEKJ8px4e1RmqRydeNd
Score: 1/10
-
-
Target
Plugins/G3nl0mDcABnDuZ.dll
-
Size
177KB
-
MD5
97b8bec4c47286e333cc2bedacf7338e
-
SHA1
764bbd0307924b71ca89538b42996208d10c9b91
-
SHA256
060d467cbeb0a58696287c052f3dd9b3597331b1c812e3e2882d6c232f8511de
-
SHA512
a40970622a594533349e75fc2022314ba21f05fc82709d6eaba82f4a2bc343c960029ad2825cfc034ce82622722127d149993bff88982f02d6dd6b5b1fb60fbf
-
SSDEEP
3072:EaEk8xLhWuo2alMFVxzPUBvRNHosrO0/1gRR0foQPssGeWSz89:EaEk8PRo2al0DzPUxvHtrN1gROffPfGl
Score: 1/10
-
-
Target
Plugins/K8oCBS3ThnW0WP.dll
-
Size
373KB
-
MD5
1681e0f3311751361030ff30a957a1ed
-
SHA1
8f3b55e130af507549817fda37474a1391e6b8f2
-
SHA256
234724f14dbb999853aeb872d7e6c3ed0b3de5b105009b5c66131a2af8d0dbb4
-
SHA512
60690b2c1e2816a640f5763f9c20de9a39cb9735ea4a3f0bf4f477d3e184f8791e556313a7523c70ed2fb9182d520842bce70057cedd5cb89b923fd6f9067dd1
-
SSDEEP
6144:qPcVUKQh7PTlFOEPDDeXmCIW89SQsgy/mVHeiOA7+Yi4kZd:qEVoVn2Xa9Say+b+Yi4kr
Score: 1/10
-
-
Target
Plugins/KNTmoSnG.AnarHs.dll
-
Size
373KB
-
MD5
1681e0f3311751361030ff30a957a1ed
-
SHA1
8f3b55e130af507549817fda37474a1391e6b8f2
-
SHA256
234724f14dbb999853aeb872d7e6c3ed0b3de5b105009b5c66131a2af8d0dbb4
-
SHA512
60690b2c1e2816a640f5763f9c20de9a39cb9735ea4a3f0bf4f477d3e184f8791e556313a7523c70ed2fb9182d520842bce70057cedd5cb89b923fd6f9067dd1
-
SSDEEP
6144:qPcVUKQh7PTlFOEPDDeXmCIW89SQsgy/mVHeiOA7+Yi4kZd:qEVoVn2Xa9Say+b+Yi4kr
Score: 1/10
-
-
Target
Plugins/PK0TcnqTGFagQTS.dll
-
Size
174KB
-
MD5
fa90a2aee0d172000257c4faca31237c
-
SHA1
b317281b4acaaf1d7b7255c5e92887322abae892
-
SHA256
991fc53fa1aa7b5cd0b6e19dab536873d68e4413fd55b533601a3a2582d38a49
-
SHA512
b05c0b52e011089258ad31dd23a1f8a0cc8145b202e42e2a9d4fdf892c12d4a7b5843cc7721041295ab796e8bc98747b9e321c4e54bfd1a7c9a02dd2796fc405
-
SSDEEP
3072:Z60dHpQssTFrcpvZFlOJA3YCVbbME5f8YpIVbltkksqBRbRw:xPsZcpvZFlOJA3VVbbME5f7pIVbTkkZJ
Score: 1/10
-
-
Target
Plugins/Recovery.dll
-
Size
309KB
-
MD5
08131d6801c109f0764a4fe690aba8ef
-
SHA1
e732af02326483700eda52ff40dc70cff6b7afcb
-
SHA256
bc3a9390c043f8002e356ad34b2b11d3486682d0c275ab6729bb4a312e324f51
-
SHA512
228ab0aa0ddfdb0c099f1db5112304d776cb97ab2dab376d38023e446cb2aec30d9585eba444818f3241ffbc28565a1aef11f97b5b42bf57037de8e4a8536e2a
-
SSDEEP
6144:sb8xPy7+NKMDMAlcn38OxKl9x7qs9Pxcm0AUNy9rsxLaxHUX:sbBMDMVqfBdcmDBuX
Score: 1/10
-
-
Target
Plugins/RssCnLKcGRxj.dll
-
Size
181KB
-
MD5
f6808c4fbbe0275db03b2cc5b4c2bc0d
-
SHA1
e40b61c64c68f72fc5144f5057d54229babdecf8
-
SHA256
e204d15f0e7269d364157aaab265a5dfbe7e76c9f6202bf90998f0edd77ca248
-
SHA512
f077c49f6943d0e40799b3b42d1e11f50dabca48305c36ef2acd3258c990e0e0f982fbb0c27b1243aa15d2ed7b398b70f07dddc9ba76ff032ba74a24c8e08fb4
-
SSDEEP
3072:P1F3B6k7/u/cVnvqtXEIGyv5LBPcwk4V9KIgBH/cNw5/UzUYNv:P1F0kDu/+WX8yhLBPcwk4SIgBH/Yw58P
Score: 1/10
-
-
Target
Plugins/WkUP83aP9CABpi.dll
-
Size
175KB
-
MD5
3100ead33f5672e8ecae7b0b32d5fa28
-
SHA1
048b5e3956c19290e0d3212138fe8f8be04a05d9
-
SHA256
0f6c930b39e5a4c7fcba75876c443307d4927015d2a48511818ccbfaa95ca2f4
-
SHA512
fe1167a211cb745a0a98f58da2a517f8b1769e887b9869680fe78cdf22bec20bfee22b8c9453a9a4eef7c9b474ed88300be854b39a78ff9d3828e76d98021ae8
-
SSDEEP
3072:AD+L0wKJm4DFpA8WNyhOiYJi09NuUXJvyn/s9NtyGhho+/FuYfxH4YmAORn:UQIJ1DFpA8WNycifMJvyn/s9NtyGhho7
Score: 1/10
-
-
Target
Plugins/fzAgyDYa.AnarHs
-
Size
181KB
-
MD5
21aaf842f7518fdc7038c09a78292c7e
-
SHA1
ff68658d3c1d6aecf1bb0e41c0e62c7dec24885f
-
SHA256
f0a82d67f8b53de0915c2c8853e47b191aa24be180c398f61c5332e558094e4a
-
SHA512
1cfe3bcc66ad0aeb9fca5d74253dba2efcf777ee15266828edb0d4a196f9a6e41871c51fc4eb0d7022b8183e768a62b38dfe974f7a65a2e259141eeb93a88458
-
SSDEEP
3072:A3NNnhy2Yt+HCQKrPCrCihOZNPd14hlaWWfiooIbuTyXb3tk:Ge2Yt+XKrOCsed14hlh5tIbueXb
Score: 1/10
-
-
Target
Plugins/mML6WKMqdxjDGA.dll
-
Size
173KB
-
MD5
e03b206eec8a7efbd1a47909071226e5
-
SHA1
21163989ea524920e874bc7932adfcd5e94f854e
-
SHA256
778877431354a9584325dadb663be077f757227eaae8bcad33e4bf26efd6b965
-
SHA512
831ed74419f1b4c3250fbff20be16ed7058a851d7168a17e8a4dcf284a19412feee42a8c198af34b37571de33a80c48ac855f5d018ea9e2cfdcd846b832155ff
-
SSDEEP
3072:5nkYlKsdY6RwiYNF7Bs2GEEg+9D8RZW7iKcnQy/dh1CWMEPrhBSepT/9HxW2Je:5nkrsdYUwiYNF722GEb+uRZWhcQy/71H
Score: 1/10
-
-
Target
Plugins/maSN8TBMgUEC.dll
-
Size
570KB
-
MD5
d5a278acdafa0c8b4380efb7d83e053e
-
SHA1
376218e3aa607a3b82be55cfa718826991953654
-
SHA256
d93d72c6e929bd9cea468458e6c0558908a92f0ecd11f4f4db0f49acfe9d4fc5
-
SHA512
138def485e02fdcf1809f0d8162fdd2a50575f3cab56968fbc6d09d0c1e9fe6803860315e45c1a7e0eff75958988ed6b08735fa680fa66527630c6789a23a00b
-
SSDEEP
12288:P8T7wSelZVUsVV1CHxQxhZ8a4MBTCUhcyYwTjUV:0sSemsVX8yBADyYSjUV
Score: 1/10
-
-
Target
Plugins/oYsKwDG.dll
-
Size
4.0MB
-
MD5
19f8d8099cc9b7b6a68e7efebc44ac18
-
SHA1
5a5cca2ad1168252d79ef7c0ffda58726de7f79c
-
SHA256
9157a6021901939611c80c4246dbec6007200b2f2457d348ce8834bef9872535
-
SHA512
6bb58b3157feb010555382c5b5b5d0ee982af324f1d88512ea5d5b984b949995d7387a9496388cb7b9589007ae9ec651e5f8219085517d82eef093e4ebb7ecbc
-
SSDEEP
24576:MRRBtpr5ljLyeVKbed1BeaPc9oFf/V5V4IeDHRbtg58jVh6zBRkM8eJkhjpSLZFb:MRjXr5ZtVKYzX/LV4k58M8eJkhj
Score: 1/10
-
-
Target
Plugins/sJ88z8tsg5XzK.dll
-
Size
172KB
-
MD5
b3fa2c3d50057ddd2c9579dc0aef1590
-
SHA1
88a1f57b9177c95a2e095866574639b09d5f310a
-
SHA256
6eaf5744b8ec91312e1c6be83d852627e5204b3b64a1932e60e47438d73fb6bf
-
SHA512
0d1b8288cbc1c206029fe2f9b7366b2f8b49158e4c9643e453111ceb90fd77af903533c64f6ede351755414c9e7daa926704cda6f1953be79e1adc7aff515508
-
SSDEEP
3072:8SHb8GZKzU95JXku/dIvjVWE6jZJjnnpnSY1DFb109H:88ZKzU95JXkodIbVWE6jDjnnpnSY1DFZ
Score: 1/10
-
-
Target
Plugins/yL9x34D8X3oO2P.dll
-
Size
180KB
-
MD5
38502e61cc1d39095a12c1883551ad9f
-
SHA1
135c9cad9e6d54bf66a1cee5c99ba510102623b0
-
SHA256
0e9733277eac197c4eaf40fb0eada0907388222ef21843488a8e591149768301
-
SHA512
cd67a63ea954a4db8c8dfadceb2822b447d98c2c43a8f9c6901d0fce3230605a0416395b92caea6ac08348d5f6b0e1cb052b24cf90829602b0a5b0652b8a2600
-
SSDEEP
3072:lq4bIABl7xQ6himcU8wzHQzvDk7r1OzArhb6lDWyITJeO9pKb3tO:4LABl7xQ6himx8w7QzvDk7r16whByITO
Score: 1/10
-
-
Target
Plugins/zVvPGvK64uLS.dll
-
Size
234KB
-
MD5
4f2fb621cbea3cafb7a041c9b3c115a7
-
SHA1
137502326e0126f372586d157e51a1416146c3be
-
SHA256
98eb518c9785f988ab1dc0752e0ef6d23f171134e60187c621795d6877940f99
-
SHA512
22171b9ecf1fc99b7aaf4e73c4d164cedcb503e83021f36a9cec673ff327f83a6c7568e22a7329cc6fc7ef3d6ff79d5dc6c88a8784e58401b884920c5ba2ac9b
-
SSDEEP
6144:yMc8IVeK18Kv42lIq94yFwT6J9Kfgn4670g/Pgtb:yFeK18Kgohey2T6J9KfgnX0Ag
Score: 1/10
-
-
Target
Stub/Stub.exe
-
Size
60KB
-
MD5
fd7b1162b84b0add4146e3bc0d13b7dd
-
SHA1
1fb46807f499267832aa444e12c403df880855bb
-
SHA256
972c912943000017fe92e563d4b7a5147f15825718edcb17307af79f85ac5f10
-
SHA512
6f5ff1aff1c899f9ae48cd177fd1bb277b2b9a7395858de1077392c293a4c68307d55d84a7c9968342da5a1296e720b00d8cd6f42b5faa11b7c643260eac300d
-
SSDEEP
768:NRgZXw8fNxs48AZYfEq586BHPcxLwM5QXWaRcW1Uo4blGNjj6MpqKYhY7:NR7586vcx35QXWaRB1UqiMpqKmY7
-
Asyncrat family
-
-
-
Target
skibidirat.exe
-
Size
16.4MB
-
MD5
266764b1328dfba596ec0fbf5feca39a
-
SHA1
099c1d1750238b9e6ab0979c9cff8493c4f3c373
-
SHA256
300838a1445ba35fcf31f65018293d8cb9a7bfe0c4859b26205c09be3a7b3b3d
-
SHA512
f6f69498be690023553f4aabba26f27a0cdf3c68f405ffc76637eb6c933c1061bb92c40934276cb7751f6061de515e4f8ded12fef1c93a533dbbfb1c395ceea8
-
SSDEEP
196608:EVCpPOu8P5G2eee0yMRs4vkmXaU7aIObk9fcdHJDLscmZk36zOAE2A1cZF7sL9YR:2kr0TaZ1LmZ+F1cby9YN/X
-
Asyncrat family
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Async RAT payload
-
Executes dropped EXE
-