General

  • Target

    RAT.exe

  • Size

    66.8MB

  • Sample

    250119-wtke9azncr

  • MD5

    5fba4b04a37a2f47bdd6667c878ed9a7

  • SHA1

    aea4adf60d6bcb008584c21fcc83cf3f1686cbdb

  • SHA256

    f892e02ab1f1639249e0bddc184e817e13640b54cb89dce89801079416205462

  • SHA512

    8635638854051035b911825eb2290916a856ad7e000a6f1bdbb176e794cdb8b1667a63253aaa3b794a05fdbedcd84bf3334cda55d2a040eb8b767578bd4c1a79

  • SSDEEP

    1572864:QLt5Z2mlRLX5WJoWbgWRSgkNOXWxtQSNWcz3yxp9j1qAKL6Q6T:QLt5LdX5M3gbcKCgz3gpqrLj2

Malware Config

Targets

    • Target

      RAT.exe

    • Size

      66.8MB

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks