General
Target: RAT.exe
Size: 66.8MB
Sample: 250119-wtke9azncr
MD5: 5fba4b04a37a2f47bdd6667c878ed9a7
SHA1: aea4adf60d6bcb008584c21fcc83cf3f1686cbdb
SHA256: f892e02ab1f1639249e0bddc184e817e13640b54cb89dce89801079416205462
SHA512: 8635638854051035b911825eb2290916a856ad7e000a6f1bdbb176e794cdb8b1667a63253aaa3b794a05fdbedcd84bf3334cda55d2a040eb8b767578bd4c1a79
SSDEEP: 1572864:QLt5Z2mlRLX5WJoWbgWRSgkNOXWxtQSNWcz3yxp9j1qAKL6Q6T:QLt5LdX5M3gbcKCgz3gpqrLj2
Behavioral task: behavioral1
Sample: RAT.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: RAT.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: RAT.exe
Score: 7/10
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories