Overview

overview

10

Static

static

3

Interop.NA...ib.dll

windows11-21h2-x64

1

LICENSE

windows11-21h2-x64

1

Mono.Cecil.dll

windows11-21h2-x64

1

Vestris.Re...ib.dll

windows11-21h2-x64

1

client.exe

windows11-21h2-x64

10

xRAT 2.exe

windows11-21h2-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    272s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    15-12-2024 16:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xRAT 2.exe

  • Size

    1.2MB

  • MD5

    6d8489e8ef02f1dd5d496bfa3a4ff48f

  • SHA1

    d8df172354f75d100db674e52654f35f53129e5e

  • SHA256

    63c0c9e03586b36bba16e6cd2f73a71d675f39e9a4c87b09aaa2253cb763c833

  • SHA512

    99f3ecbf5b4596f663d7b6bd9bb28e0967de33ebbc08b02272ed4a5fc0ef29bc04cf3a6537ca6e2ec5dc7acba9a0326708e0f09be9c86b827d670e833ee51e40

  • SSDEEP

    6144:WhPmJabS3OVcLGRk0EiDsQYGhbcEJks7lOFqKGhIax2WbcGILJPO2JkfTKIf941:y+mk4sQFNl/lcGWBJkA

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\xRAT 2.exe
    "C:\Users\Admin\AppData\Local\Temp\xRAT 2.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Profiles\Default.xml
    Filesize

    635B

    MD5

    b71943f686068b294a9492f883ac844d

    SHA1

    eb356cf8c2305c0e1f8b631646eb43163f2af175

    SHA256

    fe0f805fda8596b27d72627e0b3bc4abf4a318adcb454f69d836a405517e0644

    SHA512

    63fa04538e91dc64c3124228d02f02f069c3d12f0530c4eb42cd66a361ec3afd9b1180bfc72d52f38030d24c004e60fcfe1b03298addcac5fb433dcfe49a7c96

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Profiles\Default.xml
    Filesize

    867B

    MD5

    79f02b3fd61af72b58e40f8cb81f6f7d

    SHA1

    20a47f8c268ae3a996f1551091f6be412895a9f9

    SHA256

    77d4c6c7a25feb385f8f30e21acec910b0b9818b189ffbe5c0ad3011e519f5b2

    SHA512

    f3f93e5eea7f734cc1ee3e024874a7d0715845eb660bad6fb02106610b87ec4dcb8ee2abebed6fcb128b3ec68fcb43544abe95b1d63817457b3622edceaa998e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\settings.xml
    Filesize

    393B

    MD5

    c2fd64e9c69c2898d27653b3b47db2ff

    SHA1

    610f9e4105fbf0f668897bec7be77b8bf708a6ae

    SHA256

    f07f40e283e8d07742a7743dcd5de22933e1c6a6e39513fe0164cd8a910fa030

    SHA512

    77f8c240db2afef34228e3cc59a2d46a18e5f757d8e20ae670dd1ca4eb420757afa5b7003e5ae8ef98806b52605c8828393418b7ba6f120267303d611630d664

    Download Submit

  • memory/4588-21-0x00007FF8ECB70000-0x00007FF8ED511000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4588-23-0x00007FF8ECB70000-0x00007FF8ED511000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4588-5-0x000000001BA00000-0x000000001BA08000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4588-3-0x000000001C4B0000-0x000000001C54C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4588-18-0x00007FF8ECB70000-0x00007FF8ED511000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4588-19-0x00007FF8ECB70000-0x00007FF8ED511000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4588-20-0x00007FF8ECE25000-0x00007FF8ECE26000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4588-0-0x00007FF8ECE25000-0x00007FF8ECE26000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4588-22-0x00007FF8ECB70000-0x00007FF8ED511000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4588-4-0x00007FF8ECB70000-0x00007FF8ED511000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4588-24-0x00007FF8ECB70000-0x00007FF8ED511000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4588-27-0x00007FF8ECB70000-0x00007FF8ED511000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4588-28-0x00007FF8ECB70000-0x00007FF8ED511000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4588-29-0x00007FF8ECB70000-0x00007FF8ED511000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4588-2-0x00007FF8ECB70000-0x00007FF8ED511000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4588-55-0x00007FF8ECB70000-0x00007FF8ED511000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4588-1-0x000000001BF40000-0x000000001C40E000-memory.dmp

    Filesize

    4.8MB

    Download