General
Target: ratremover.exe
Size: 7.6MB
Sample: 241223-1et4csskfr
MD5: 86d3386f1c3741e7bf7c3b49fd54ef4c
SHA1: 4c2a7901ea11b96d44831ad473a4fe13fec964c7
SHA256: d71b0488ad6ce4579d90b22ed8921fc837ffc77781de183da7a7a30369db5ed1
SHA512: 8467abddee54c2d77bae0c19f06da49eacda544704f9ddef259936d4f0d8150c367ed5d84b15d1fe5b25b2e3397bca26b53164c0fe0674397f44b109224c5368
SSDEEP: 196608:NZD+kd2QwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWR:35gPIHL7HmBYXrYoaUNm
Behavioral task: behavioral1
Sample: ratremover.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: ratremover.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: ratremover.exe
Size: 7.6MB
MD5: 86d3386f1c3741e7bf7c3b49fd54ef4c
SHA1: 4c2a7901ea11b96d44831ad473a4fe13fec964c7
SHA256: d71b0488ad6ce4579d90b22ed8921fc837ffc77781de183da7a7a30369db5ed1
SHA512: 8467abddee54c2d77bae0c19f06da49eacda544704f9ddef259936d4f0d8150c367ed5d84b15d1fe5b25b2e3397bca26b53164c0fe0674397f44b109224c5368
SSDEEP: 196608:NZD+kd2QwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWR:35gPIHL7HmBYXrYoaUNm
- Clipboard Data: Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation: Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
- Hide Artifacts: Hidden Files and Directories
MITRE ATT&CK Enterprise v15
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Obfuscated Files or Information (1)
  - Command Obfuscation (1)