Overview

overview

10

Static

static

10

Dangerous ...AT.exe

windows7-x64

10

Dangerous ...AT.exe

windows10-2004-x64

10

Dangerous ...nd.exe

windows7-x64

3

Dangerous ...nd.exe

windows10-2004-x64

3

Dangerous ...ox.dll

windows7-x64

1

Dangerous ...ox.dll

windows10-2004-x64

1

Dangerous ...og.rtf

windows7-x64

4

Dangerous ...og.rtf

windows10-2004-x64

1

Dangerous ...nd.exe

windows7-x64

3

Dangerous ...nd.exe

windows10-2004-x64

3

Dangerous ...ub.exe

windows7-x64

6

Dangerous ...ub.exe

windows10-2004-x64

7

Dangerous ...ub.exe

windows7-x64

3

Dangerous ...ub.exe

windows10-2004-x64

3

Dangerous ...ub.vbs

windows7-x64

1

Dangerous ...ub.vbs

windows10-2004-x64

1

Dangerous ...il.dll

windows7-x64

1

Dangerous ...il.dll

windows10-2004-x64

1

Dangerous ...io.dll

windows7-x64

1

Dangerous ...io.dll

windows10-2004-x64

1

Dangerous ...AN.exe

windows7-x64

1

Dangerous ...AN.exe

windows10-2004-x64

1

Dangerous ...df.exe

windows7-x64

3

Dangerous ...df.exe

windows10-2004-x64

3

Dangerous ...nt.dll

windows7-x64

3

Dangerous ...nt.dll

windows10-2004-x64

3

Dangerous ...nx.dll

windows7-x64

3

Dangerous ...nx.dll

windows10-2004-x64

3

Dangerous ...li.dll

windows7-x64

3

Dangerous ...li.dll

windows10-2004-x64

3

Dangerous ...Dc.dll

windows7-x64

1

Dangerous ...Dc.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/02/2025, 15:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Dangerous RAT/Plugin/Ant.dll

  • Size

    14KB

  • MD5

    8854809c9c8f5feb776ed337761c0390

  • SHA1

    1ed9deb4a774852b92cfd58d769c539c583a6ec1

  • SHA256

    4d962f32f94f83d52e193a191df6d0202d441773eba0969df4fcada62385baeb

  • SHA512

    d267cf32a009155648a8aa6e011465331d37c5a349e042a2099420824bb7128a38fbf87ee3d18df39cc6de2f3a97eb5fad4568bbcf430b32833e9f7ea1bb2905

  • SSDEEP

    384:GgdovW5UJ0ELsElpBIx68tSzmtuxNvoF:BdoOH6kYNvoF

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Dangerous RAT\Plugin\Ant.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Dangerous RAT\Plugin\Ant.dll",#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4856

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads