Overview

overview

10

Static

static

3

Interop.NA...ib.dll

windows7-x64

1

Interop.NA...ib.dll

windows10-2004-x64

1

Mono.Cecil.dll

windows7-x64

1

Mono.Cecil.dll

windows10-2004-x64

1

Vestris.Re...ib.dll

windows7-x64

1

Vestris.Re...ib.dll

windows10-2004-x64

1

client.exe

windows7-x64

1

client.exe

windows10-2004-x64

10

xRAT 2.exe

windows7-x64

1

xRAT 2.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15-12-2024 16:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xRAT 2.exe

  • Size

    1.2MB

  • MD5

    6d8489e8ef02f1dd5d496bfa3a4ff48f

  • SHA1

    d8df172354f75d100db674e52654f35f53129e5e

  • SHA256

    63c0c9e03586b36bba16e6cd2f73a71d675f39e9a4c87b09aaa2253cb763c833

  • SHA512

    99f3ecbf5b4596f663d7b6bd9bb28e0967de33ebbc08b02272ed4a5fc0ef29bc04cf3a6537ca6e2ec5dc7acba9a0326708e0f09be9c86b827d670e833ee51e40

  • SSDEEP

    6144:WhPmJabS3OVcLGRk0EiDsQYGhbcEJks7lOFqKGhIax2WbcGILJPO2JkfTKIf941:y+mk4sQFNl/lcGWBJkA

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\xRAT 2.exe
    "C:\Users\Admin\AppData\Local\Temp\xRAT 2.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\settings.xml
    Filesize

    393B

    MD5

    c2fd64e9c69c2898d27653b3b47db2ff

    SHA1

    610f9e4105fbf0f668897bec7be77b8bf708a6ae

    SHA256

    f07f40e283e8d07742a7743dcd5de22933e1c6a6e39513fe0164cd8a910fa030

    SHA512

    77f8c240db2afef34228e3cc59a2d46a18e5f757d8e20ae670dd1ca4eb420757afa5b7003e5ae8ef98806b52605c8828393418b7ba6f120267303d611630d664

    Download Submit

  • memory/2056-0-0x000007FEF683E000-0x000007FEF683F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2056-3-0x000007FEF6580000-0x000007FEF6F1D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2056-14-0x000007FEF6580000-0x000007FEF6F1D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2056-15-0x000007FEF6580000-0x000007FEF6F1D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2056-16-0x000007FEF6580000-0x000007FEF6F1D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2056-17-0x000007FEF6580000-0x000007FEF6F1D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2056-18-0x000007FEF683E000-0x000007FEF683F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2056-19-0x000007FEF6580000-0x000007FEF6F1D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2056-20-0x000007FEF6580000-0x000007FEF6F1D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2056-23-0x000007FEF6580000-0x000007FEF6F1D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2056-24-0x000007FEF6580000-0x000007FEF6F1D000-memory.dmp

    Filesize

    9.6MB

    Download