Malware Analysis Report

2025-04-13 21:13

Sample ID 250315-z7k6gstvfx
Target whoisthisugly's RAT set.rar
SHA256 c866056155f15ef43598ffdfc6d0bc5dd8f2f13b6c07f489c29feb9dbf6287b7
Tags: N/A
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (same subsections as behavioral1)
Analysis: behavioral3 (same subsections as behavioral1)
Analysis: behavioral4 (same subsections as behavioral1)
Analysis: behavioral5 (same subsections as behavioral1)

Analysis Overview

Score: 1/10

SHA256: c866056155f15ef43598ffdfc6d0bc5dd8f2f13b6c07f489c29feb9dbf6287b7

Threat level: no (potentially) malicious behavior was detected.

The file whoisthisugly's RAT set.rar was found to be clean by this analysis: no (potentially) malicious behavior was detected. Read the score in the context of what was actually run. The Windows detonation (behavioral1) opened the archive in 7-Zip's file manager (7zFM.exe), and the Linux detonations (behavioral2 to behavioral4) invoked the .rar path itself as if it were a program. None of the five runs extracted or executed the archive's contents, so the 1/10 score describes the archiver's behavior, not whatever the RAR contains. A file named "RAT set" should be extracted and its contents submitted individually before any verdict is drawn from this report.

Malicious Activity Summary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Both signatures were raised by C:\Program Files\7-Zip\7zFM.exe, the archiver the sandbox used to open the sample, and not by any process launched from the archive's contents (see the Signatures table under Analysis: behavioral1). They are generic behaviors of a GUI archiver adjusting its own token privileges and looking up the shell tray window, which is why they do not raise the score.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2025-03-15 21:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-15 21:21

Reported

2025-03-15 21:22

Platform

win11-20250313-en

Max time kernel

13s

Max time network

9s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\whoisthisugly's RAT set.rar"

Signatures

Suspicious use of AdjustPrivilegeToken

Description                Indicator  Process                          Target
Token: SeRestorePrivilege  N/A        C:\Program Files\7-Zip\7zFM.exe  N/A
Token: 35                  N/A        C:\Program Files\7-Zip\7zFM.exe  N/A

(The second row names the privilege only by its LUID; on Windows, 35 is SE_CREATE_SYMBOLIC_LINK_PRIVILEGE, i.e. SeCreateSymbolicLinkPrivilege. SeRestorePrivilege lets a process write files regardless of their ACLs and the symbolic-link privilege lets it create symlinks; an archiver enables both so it can restore permissions and links stored in an archive. Here both were enabled by 7zFM.exe, not by anything from the sample.)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\whoisthisugly's RAT set.rar"

Network

Country  Destination     Domain        Proto
GB       2.18.66.89:443  www.bing.com  tcp

(The only connection is a TLS session to www.bing.com inside a 9-second network window. Nothing here is attributable to the sample: 7-Zip needs no network access to open an archive, and 7zFM.exe is the only process in the run. Treat it as Windows 11 image background traffic.)

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-03-15 21:21

Reported

2025-03-15 21:22

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

1s

Command Line

[/tmp/whoisthisugly's RAT set.rar]

Signatures

N/A

Processes

/tmp/whoisthisugly's RAT set.rar

[/tmp/whoisthisugly's RAT set.rar]
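Both the Windows run above (7zFM.exe opening the archive) and this Linux run (the .rar handed to the shell as if it were a program) stop at the container: nothing inside the archive was extracted or executed, so the score describes the archiver's behavior, not the payload's. Before reading anything into such a score, a practitioner checks whether the archive could have been opened at all, since password-protected entries or encrypted headers are the usual reason an archiver-based detonation shows no activity. The Python below is an added example written for this page; it is not part of the sandbox report and not code from any tool the report mentions. The sample itself is not reproduced here, so the example builds constructed RAR 5.0 and RAR 4.x byte sequences (field layout per the public RAR 5.0 format description) and inspects them; on a real file call inspect_rar(open(path, "rb").read()).

```python
import struct
import zlib
RAR4_SIG = b"Rar!\x1a\x07\x00"
RAR5_SIG = b"Rar!\x1a\x07\x01\x00"
H_MAIN, H_FILE, H_ENCRYPT, H_END = 1, 2, 4, 5  # RAR5 header types
HF_EXTRA, HF_DATA = 0x01, 0x02                 # RAR5 header flags: extra area / data area present
XR_FILE_ENCRYPTION = 0x01                      # RAR5 extra-area record type: file encryption
RAR4_MHD_PASSWORD = 0x0080                     # RAR4 main-header flag: headers are encrypted

def read_vint(buf, pos):
    """RAR5 variable-length integer: 7 bits per byte, low bits first, MSB set = continue."""
    val, shift = 0, 0
    while True:
        b, pos = buf[pos], pos + 1
        val |= (b & 0x7F) << shift
        if not b & 0x80:
            return val, pos
        shift += 7

def put_vint(n):
    out = bytearray()
    while n > 0x7F:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(out + bytearray([n]))

def _walk_rar5(buf):
    """Yield (type, fixed fields, extra area) per block, verifying each header CRC32."""
    pos = len(RAR5_SIG)
    while pos + 5 <= len(buf):
        crc = struct.unpack_from("<I", buf, pos)[0]
        hsize, body = read_vint(buf, pos + 4)      # size counts from the type field onward
        if zlib.crc32(buf[pos + 4:body + hsize]) != crc:
            raise ValueError("header CRC mismatch at offset %d" % pos)
        htype, p = read_vint(buf, body)
        hflags, p = read_vint(buf, p)
        extra = data = 0
        if hflags & HF_EXTRA:
            extra, p = read_vint(buf, p)
        if hflags & HF_DATA:
            data, p = read_vint(buf, p)
        end = body + hsize
        yield htype, buf[p:end - extra], buf[end - extra:end]
        if htype == H_END:
            return
        pos = end + data                           # skip the packed data area, never unpack it

def _extra_record_types(extra):
    types, p = set(), 0
    while p < len(extra):
        rsize, q = read_vint(extra, p)             # size counts from the record type onward
        types.add(read_vint(extra, q)[0])
        p = q + rsize
    return types

def inspect_rar(buf):
    """Report the RAR format, whether the headers are encrypted, and each entry's status."""
    if buf.startswith(RAR5_SIG):
        info = {"format": "RAR5", "encrypted_headers": False, "entries": []}
        for htype, fields, extra in _walk_rar5(buf):
            if htype == H_ENCRYPT:                 # every later block is ciphertext: stop here
                info["encrypted_headers"] = True
                break
            if htype == H_FILE:
                fflags, p = read_vint(fields, 0)
                _, p = read_vint(fields, p)        # unpacked size
                _, p = read_vint(fields, p)        # attributes
                p += (4 if fflags & 0x02 else 0) + (4 if fflags & 0x04 else 0)  # mtime, data CRC32
                _, p = read_vint(fields, p)        # compression info
                _, p = read_vint(fields, p)        # host OS
                nlen, p = read_vint(fields, p)
                info["entries"].append({"name": fields[p:p + nlen].decode("utf-8", "replace"),
                                        "encrypted": XR_FILE_ENCRYPTION in _extra_record_types(extra)})
        return info
    if buf.startswith(RAR4_SIG):                   # MAIN_HEAD: HEAD_CRC u16, HEAD_TYPE 0x73, HEAD_FLAGS u16
        htype, flags = struct.unpack_from("<BH", buf, len(RAR4_SIG) + 2)
        if htype != 0x73:
            raise ValueError("bad RAR4 main header")
        return {"format": "RAR4", "encrypted_headers": bool(flags & RAR4_MHD_PASSWORD), "entries": None}
    raise ValueError("not a RAR archive")

def _rar5_block(htype, fields, extra=b"", data=b""):
    body = put_vint(htype) + put_vint((HF_EXTRA if extra else 0) | (HF_DATA if data else 0))
    body += (put_vint(len(extra)) if extra else b"") + (put_vint(len(data)) if data else b"")
    hdr = put_vint(len(body) + len(fields) + len(extra)) + body + fields + extra
    return struct.pack("<I", zlib.crc32(hdr)) + hdr + data   # CRC32 covers size field .. extra area

def build_rar5_sample(encrypted_headers=False, encrypted_file=False):
    """Constructed RAR5 bytes for offline testing; not produced by WinRAR and not the sample."""
    if encrypted_headers:      # archive encryption header: version 0, flags 0, KDF count, 16-byte salt
        return RAR5_SIG + _rar5_block(H_ENCRYPT, put_vint(0) + put_vint(0) + b"\x0f" + bytes(16)) + bytes(64)
    name = b"payload.exe"      # file flags, unpacked size, attributes, compression info, host OS, name
    ffields = put_vint(0) + put_vint(5) + put_vint(0x20) + put_vint(0) + put_vint(2) + put_vint(len(name)) + name
    extra = b""
    if encrypted_file:         # file-encryption record: type, version, flags, KDF count, salt, IV
        rec = put_vint(XR_FILE_ENCRYPTION) + put_vint(0) + put_vint(0) + b"\x0f" + bytes(32)
        extra = put_vint(len(rec)) + rec
    return RAR5_SIG + _rar5_block(H_MAIN, put_vint(0)) + _rar5_block(H_FILE, ffields, extra, b"hello") + _rar5_block(H_END, put_vint(0))
```

A result with encrypted_headers set means even a file listing was impossible without the password; an entry with encrypted True means the sandbox could have listed the name but not extracted the data. Either way the useful follow-up is to resubmit the extracted contents (with the password, if the delivery message supplied one) rather than the container. The code walks header chains only, never decompresses anything, and fails closed on a CRC mismatch instead of guessing at field boundaries, which also makes it safe to point at untrusted input.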

Network

Country  Destination         Domain  Proto
GB       185.125.188.61:443  N/A     tcp
GB       185.125.188.61:443  N/A     tcp
US       151.101.193.91:443  N/A     tcp
US       151.101.193.91:443  N/A     tcp
GB       89.187.167.7:443    N/A     tcp

(No domain was recorded for any of these connections, and no process was started from the sample, the .rar having been invoked as if it were an executable. With a 1-second network window, these are best read as the Ubuntu image's own background connections, not as sample activity.)

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2025-03-15 21:21

Reported

2025-03-15 21:22

Platform

debian9-armhf-20240729-en

Max time kernel

0s

Command Line

[/tmp/whoisthisugly's RAT set.rar]

Signatures

N/A

Processes

/tmp/whoisthisugly's RAT set.rar

[/tmp/whoisthisugly's RAT set.rar]

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2025-03-15 21:21

Reported

2025-03-15 21:23

Platform

debian9-mipsbe-20240611-en

Max time kernel

1s

Command Line

[/tmp/whoisthisugly's RAT set.rar]

Signatures

N/A

Processes

/tmp/whoisthisugly's RAT set.rar

[/tmp/whoisthisugly's RAT set.rar]

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2025-03-15 21:21

Reported

2025-03-15 21:22

Platform

debian9-mipsel-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A