Overview

overview

10

Static

static

8

RAT/Adwind.jar

windows7-x64

10

RAT/Adwind.jar

windows10-2004-x64

10

RAT/CobaltStrike.docm

windows7-x64

10

RAT/CobaltStrike.docm

windows10-2004-x64

10

RAT/CrimsonRAT.exe

windows7-x64

10

RAT/CrimsonRAT.exe

windows10-2004-x64

10

RAT/NetWire.doc

windows7-x64

10

RAT/NetWire.doc

windows10-2004-x64

7

RAT/VanToM-Rat.exe

windows7-x64

7

RAT/VanToM-Rat.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-12-2024 10:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RAT/VanToM-Rat.exe

  • Size

    183KB

  • MD5

    3d4e3f149f3d0cdfe76bf8b235742c97

  • SHA1

    0e0e34b5fd8c15547ca98027e49b1dcf37146d95

  • SHA256

    b15c7cf9097195fb5426d4028fd2f6352325400beb1e32431395393910e0b10a

  • SHA512

    8c9d2a506135431adcfd35446b69b20fe12f39c0694f1464c534a6bf01ebc5f815c948783508e06b14ff4cc33f44e220122bf2a42d2e97afa646b714a88addff

  • SSDEEP

    3072:UurlxKcmWTTt7Zde2vBVQF4EWjFRA229YvepcCBKXnpU:vrlOWFddeAVQF4EWx92iepcCBK3

Score
7/10
credential_accesspersistencespywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\RAT\VanToM-Rat.exe
    "C:\Users\Admin\AppData\Local\Temp\RAT\VanToM-Rat.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Users\Admin\AppData\Roaming\VanToM Folder\Server.exe
      "C:\Users\Admin\AppData\Roaming\VanToM Folder\Server.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\melt.txt
    Filesize

    52B

    MD5

    043789b31546b4b9db024572fdb74719

    SHA1

    fa162860d98b440196bdf127d2bfdb2457f3c86a

    SHA256

    88695e1d3afa0037384d29fb7bd96e7e63360b3f18e2bdfde9976c95e59a6717

    SHA512

    0a50fb469f41a82185a902b1e4104ae2d4f73e656b391a6ea25bdd3268e797e147747970fe561fdff7adff4ffd9e2666907bba20ba1d7be70cff28c5250a2b5e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\VanToM Folder\Server.exe
    Filesize

    183KB

    MD5

    3d4e3f149f3d0cdfe76bf8b235742c97

    SHA1

    0e0e34b5fd8c15547ca98027e49b1dcf37146d95

    SHA256

    b15c7cf9097195fb5426d4028fd2f6352325400beb1e32431395393910e0b10a

    SHA512

    8c9d2a506135431adcfd35446b69b20fe12f39c0694f1464c534a6bf01ebc5f815c948783508e06b14ff4cc33f44e220122bf2a42d2e97afa646b714a88addff

    Download Submit

  • memory/2188-0-0x000007FEF547E000-0x000007FEF547F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2188-1-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2188-2-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2188-3-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2188-10-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2840-11-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2840-13-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2840-12-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2840-14-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2840-16-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

    Filesize

    9.6MB

    Download