Overview

overview

10

Static

static

10

Dangerous RAT.zip

windows11-21h2-x64

1

Dangerous ...AT.exe

windows11-21h2-x64

10

Dangerous ...xx.txt

windows11-21h2-x64

3

Dangerous ...01.jpg

windows11-21h2-x64

Dangerous ...02.jpg

windows11-21h2-x64

Dangerous ...04.jpg

windows11-21h2-x64

Dangerous ...nd.exe

windows11-21h2-x64

3

Dangerous ...A1.jpg

windows11-21h2-x64

Dangerous ...ac.png

windows11-21h2-x64

Dangerous ...ct.png

windows11-21h2-x64

Dangerous ...ox.dll

windows11-21h2-x64

1

Dangerous ...IP.dat

windows11-21h2-x64

3

Dangerous ...og.rtf

windows11-21h2-x64

1

Dangerous ...nd.exe

windows11-21h2-x64

3

Dangerous ...ub.exe

windows11-21h2-x64

6

Dangerous ...ub.exe

windows11-21h2-x64

3

Dangerous ...ub.vbs

windows11-21h2-x64

1

Dangerous ...EG.png

windows11-21h2-x64

Dangerous ...PH.png

windows11-21h2-x64

Dangerous ...VI.png

windows11-21h2-x64

Dangerous ...il.dll

windows11-21h2-x64

1

Dangerous ...io.dll

windows11-21h2-x64

1

Dangerous ...AN.exe

windows11-21h2-x64

1

Dangerous ...df.exe

windows11-21h2-x64

3

Dangerous ...nt.dll

windows11-21h2-x64

3

Dangerous ...nx.dll

windows11-21h2-x64

3

Dangerous ...li.dll

windows11-21h2-x64

3

Dangerous ...Dc.dll

windows11-21h2-x64

1

Dangerous ...nc.exe

windows11-21h2-x64

1

Dangerous ...Ex.exe

windows11-21h2-x64

1

Dangerous ...ub.xml

windows11-21h2-x64

3

Dangerous ...ns.vnc

windows11-21h2-x64

3

Analysis

  • max time kernel
    442s
  • max time network
    466s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25/02/2025, 14:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Dangerous RAT/GeoIP.dat

  • Size

    1.2MB

  • MD5

    797b96cc417d0cde72e5c25d0898e95e

  • SHA1

    8c63d0cc8a3a09c1fe50c856b8e5170a63d62f13

  • SHA256

    8a0675001b5bc63d8389fc7ed80b4a7b0f9538c744350f00162533519e106426

  • SHA512

    9bb0c40c83551000577f8cf0b8a7c344bc105328a2c564df70fabec978ad267fa42e248c11fb78166855b0816d2ef3ec2c12fe52f8cc0b83e366e46301340882

  • SSDEEP

    24576:X49Ncvb7y4+FFfI12ky0dBRQ3fNLxDKefhoFbQfAACiTQVapg:o9Nhw1vJ83fNLxu2UVa2

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Dangerous RAT\GeoIP.dat"
    1⤵
    • Modifies registry class
    PID:4496
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads