Analysis
max time kernel: 94s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 15-12-2024 16:50
Static task: static1
Behavioral task: behavioral1 | Sample: Interop.NATUPNPLib.dll | Resource: win7-20240903-en
Behavioral task: behavioral2 | Sample: Interop.NATUPNPLib.dll | Resource: win10v2004-20241007-en
Behavioral task: behavioral3 | Sample: Mono.Cecil.dll | Resource: win7-20241023-en
Behavioral task: behavioral4 | Sample: Mono.Cecil.dll | Resource: win10v2004-20241007-en
Behavioral task: behavioral5 | Sample: Vestris.ResourceLib.dll | Resource: win7-20240903-en
Behavioral task: behavioral6 | Sample: Vestris.ResourceLib.dll | Resource: win10v2004-20241007-en
Behavioral task: behavioral7 | Sample: client.exe | Resource: win7-20240903-en
Behavioral task: behavioral8 | Sample: client.exe | Resource: win10v2004-20241007-en
Behavioral task: behavioral9 | Sample: xRAT 2.exe | Resource: win7-20240903-en
Behavioral task: behavioral10 | Sample: xRAT 2.exe | Resource: win10v2004-20241007-en
General
Target: xRAT 2.exe
Size: 1.2MB
MD5: 6d8489e8ef02f1dd5d496bfa3a4ff48f
SHA1: d8df172354f75d100db674e52654f35f53129e5e
SHA256: 63c0c9e03586b36bba16e6cd2f73a71d675f39e9a4c87b09aaa2253cb763c833
SHA512: 99f3ecbf5b4596f663d7b6bd9bb28e0967de33ebbc08b02272ed4a5fc0ef29bc04cf3a6537ca6e2ec5dc7acba9a0326708e0f09be9c86b827d670e833ee51e40
SSDEEP: 6144:WhPmJabS3OVcLGRk0EiDsQYGhbcEJks7lOFqKGhIax2WbcGILJPO2JkfTKIf941:y+mk4sQFNl/lcGWBJkA
Malware Config
Signatures
Suspicious use of FindShellTrayWindow (1 IoCs)
pid: 1176 | Process: xRAT 2.exe
Suspicious use of SendNotifyMessage (1 IoCs)
pid: 1176 | Process: xRAT 2.exe
Downloads
Filesize: 393B
MD5: c2fd64e9c69c2898d27653b3b47db2ff
SHA1: 610f9e4105fbf0f668897bec7be77b8bf708a6ae
SHA256: f07f40e283e8d07742a7743dcd5de22933e1c6a6e39513fe0164cd8a910fa030
SHA512: 77f8c240db2afef34228e3cc59a2d46a18e5f757d8e20ae670dd1ca4eb420757afa5b7003e5ae8ef98806b52605c8828393418b7ba6f120267303d611630d664