Overview

overview

10

Static

static

10

sheet rat ...er.exe

windows7-x64

7

sheet rat ...er.exe

windows10-2004-x64

7

sheet rat ...nt.exe

windows7-x64

1

sheet rat ...nt.exe

windows10-2004-x64

1

sheet rat ...bf.dll

windows7-x64

1

sheet rat ...bf.dll

windows10-2004-x64

1

sheet rat ...64.sys

windows7-x64

1

sheet rat ...64.sys

windows10-2004-x64

1

sheet rat ...64.dll

windows7-x64

1

sheet rat ...64.dll

windows10-2004-x64

1

sheet rat ...er.exe

windows7-x64

1

sheet rat ...er.exe

windows10-2004-x64

1

sheet rat ...ds.dll

windows7-x64

1

sheet rat ...ds.dll

windows10-2004-x64

1

sheet rat ...12.dll

windows7-x64

1

sheet rat ...12.dll

windows10-2004-x64

1

sheet rat ..._0.dll

windows7-x64

1

sheet rat ..._0.dll

windows10-2004-x64

1

sheet rat ...ef.exe

windows7-x64

7

sheet rat ...ef.exe

windows10-2004-x64

7

sheet rat ...er.exe

windows7-x64

1

sheet rat ...er.exe

windows10-2004-x64

1

sheet rat ...rs.dll

windows7-x64

1

sheet rat ...rs.dll

windows10-2004-x64

1

sheet rat ...le.dll

windows7-x64

1

sheet rat ...le.dll

windows10-2004-x64

1

sheet rat ...ry.dll

windows7-x64

1

sheet rat ...ry.dll

windows10-2004-x64

1

sheet rat ...rs.dll

windows7-x64

1

sheet rat ...rs.dll

windows10-2004-x64

1

sheet rat ...fe.dll

windows7-x64

1

sheet rat ...fe.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sheet rat v2.6.zip

  • Size

    47.8MB

  • Sample

    250328-v42a3syzcy

  • MD5

    d8ddf63f55bb1ae3740ecb40f82c373f

  • SHA1

    2f1ad58b9cedf9a1fef4c2d363f6d22196cc5c37

  • SHA256

    6f1cdc079812115df46d5cfc629e9ed8a9ed0d8d717de8d28bc9890b5578af4d

  • SHA512

    49be353e5b91a5cef5d1208e3439e787be07d59dcc61ba8ea2a96034f6d26926b00d43561d397cd2cb5b1430c4aea1f6f62711c70e881fbd0fb0a3aa71a4e241

  • SSDEEP

    786432:iGQPXDBYQwlIjdPgmLoJrk8Qr9rPf64zqpZdMkcgBz1XWgYzR3fEUouw9JBY4QQz:i1XDBYlqBPVLYrPQrPS4yZ3cgegYzdEh

Score
10/10
xmrigdiscoveryminerpyinstaller

Malware Config

Targets

    • Target

      sheet rat v2.6/Server.exe

    • Size

      1.3MB

    • MD5

      dd6667db55acaefa2d7e99dcf5d97a26

    • SHA1

      c1b281ef573df4da584294c61b5322edfed589ad

    • SHA256

      ce8fd5ec0b2ee4e5d87d35622eeaa022ee971801c97bcb3726ca6ebe4b576238

    • SHA512

      916c8b63400c0a8e495fc59d8e348499a6f04421e79599803c7ac4cd828c82f389bfd733471de27cc1643c03723429f8544446d9adc69082e6a5032139a1f1f1

    • SSDEEP

      24576:RIVMEFyWLoQJV+fLmomlEkmmsEnE7E7E7EUmemmmmmmIDmeIjwnaKk:RWMEMWlVILmomSkmmtEQQQUmemmmmmm7

    Score
    7/10
    discovery

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      sheet rat v2.6/Stub/Client.exe

    • Size

      47KB

    • MD5

      a0e04bf9b43f0b442bd3193f06dc52b5

    • SHA1

      30bb0c17640c414d948ed3e2fdf571b98f125efb

    • SHA256

      71824238c3baec179911bd6e4655ebff234e15d0f14248077e2c388ef4337009

    • SHA512

      d7015f5c8223ba0f4e3b478185fa3e4de0831aee949302185fdc8b3afe59105fe096a3e5ee23219a1c16dfcbc77d169a82774ecd727ef98bdb94a878583a2ae2

    • SSDEEP

      768:+nqRz+Q9CF6abcLPbUG9bOplP7ZXdEEyb:B9g6asD79bOHLDu

    Score
    1/10
    behavioral3behavioral4

    • Target

      sheet rat v2.6/Stub/UserMode.obf.dll

    • Size

      136KB

    • MD5

      16e5a492c9c6ae34c59683be9c51fa31

    • SHA1

      97031b41f5c56f371c28ae0d62a2df7d585adaba

    • SHA256

      35c8d022e1d917f1aabdceae98097ccc072161b302f84c768ca63e4b32ac2b66

    • SHA512

      20fd369172ef5e3e2fde388666b42e8fe5f0c2bfa338c0345f45e98af6561a249ba3ecc48c3f16efcc73f02ecb67b3ddb1e2e8f0e77d18fa00ac34e6379e50b6

    • SSDEEP

      3072:t0iX+jLyDcqaH9a6DFHo6MjD7VbZaZaZ8Xwlk4MHWZpt:t07yDSvdoRj2up

    Score
    1/10
    behavioral5behavioral6

    • Target

      sheet rat v2.6/Stub/WinRing0x64.sys

    • Size

      14KB

    • MD5

      0c0195c48b6b8582fa6f6373032118da

    • SHA1

      d25340ae8e92a6d29f599fef426a2bc1b5217299

    • SHA256

      11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5

    • SHA512

      ab28e99659f219fec553155a0810de90f0c5b07dc9b66bda86d7686499fb0ec5fddeb7cd7a3c5b77dccb5e865f2715c2d81f4d40df4431c92ac7860c7e01720d

    • SSDEEP

      192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ

    Score
    1/10
    behavioral7behavioral8

    • Target

      sheet rat v2.6/Stub/ddb64.dll

    • Size

      32.2MB

    • MD5

      82967b6c24f52664a3b9399f853ea812

    • SHA1

      064e83897c545f71f2f6a879ea0845f6d23ec9b9

    • SHA256

      528458c9d7ac88959d2d83aecd0544bf75727d34795deaf658ff3b82000a9e44

    • SHA512

      69625de4e8cadfd361858cd588ef514cf8cac5f1a022541f831ff490bcc5048bb580f1c2a04820f3f978c299cf7b24058c9173cb51086e8bc4813432012e697f

    • SSDEEP

      196608:LEYDJk52U0CDn/DM4b5chY56H5dg5Ej9bUYvqNE6/+XBpSOXtOkO+O:jDcDn/DM4b5wY525dMy

    Score
    1/10
    behavioral10behavioral9

    • Target

      sheet rat v2.6/Stub/ethminer.exe

    • Size

      4.4MB

    • MD5

      38cfdd6cac508c40137ee45dc6857a59

    • SHA1

      199f87fd7bb827b75543141acf580f4e53417595

    • SHA256

      7ca69c624f9745a11ece45baaec80a3e7b596199d4997b4a3a07caecb0cb02d7

    • SHA512

      d4dc8f03288c09c82308025e138c027335067cd6b88ef078ae6a6ec2a79f12e69628ca52a08c19cf0b985acee301c0b823b42ef9830fa94c305f2377c29deb50

    • SSDEEP

      49152:23LsR5jcDqJFfM0UZ+jkpXEIQwog9U2jU4AgIrHv2DR/1w+piac1wgmHyP3wn/z6:Uy5zTjMJzi01Zca7Uwn/t

    Score
    1/10
    behavioral11behavioral12

    • Target

      sheet rat v2.6/Stub/fds.dll

    • Size

      106KB

    • MD5

      a6616dc75aa8f04a473e93d36315696d

    • SHA1

      bfaae46514424f27c1204aa7a4ddf3497a4eec4e

    • SHA256

      97d5a331191b9361ed82c41dbdf74a0b54901d20129a0c0a0f1ecbeca5e9d1ab

    • SHA512

      5eaf900eda2c6f494750d59b7bfa90d05374146e006ffce3b6997b9a3aedff1d0b9a6c4cffc796950b63f7c6708ad64bcaae3a517e8ee27c79e6a0bff435783f

    • SSDEEP

      3072:6iX+jLyDcqaH9a6DFHo6MjD7VbZaZaZ8Xwlk4MnWZpt:67yDSvdoRj2up

    Score
    1/10
    behavioral13behavioral14

    • Target

      sheet rat v2.6/Stub/nvrtc-builtins64_112.dll

    • Size

      5.3MB

    • MD5

      61c8ad0912cd1a5a4093342a4ceb9888

    • SHA1

      80c0b77d68643680b364604e91104f23a61ba2f4

    • SHA256

      fdf1b46d181009aa3ea08e4692499e25edf2dd9ca6bbdd9cfa3ee37a73e8ad3b

    • SHA512

      deb8d3d9d95d7cb7380b1fb0835f3f80268dce63cc1bce06d30ef050179f92c403f6e8d45b0ad8d4ced53649c7a744ade6743c4a98384ee336a4c103b118e38b

    • SSDEEP

      12288:zpoJo2foXo2ko2NoYo2mo2To27o2go27o2Oo2so2no2Poroco2yo2ao2yo2Uo2UZ:zsnCDo

    Score
    1/10
    behavioral15behavioral16

    • Target

      sheet rat v2.6/Stub/nvrtc64_112_0.dll

    • Size

      30.5MB

    • MD5

      5bb58f73e1d17bf4263eac2390095140

    • SHA1

      a451494f177a323badee994f5973ec76c264c405

    • SHA256

      53275679bcf450cf7199a9267f7fcf669a2c457b19d67699391e30d5ff944481

    • SHA512

      6396b27e243280ed7cfdd86ed8b9ea914e7a2b17bc21607ccd148ff1aa4c230603e58b5dc48244d3f2b47cc1dd53266c33502907b82e181b0b78dc9d2c0b964b

    • SSDEEP

      786432:lZKWAdkt9YpGoefLh5cXBgAFyJBBmT8Lhp:l0Wmkt9YpG3fLh5cXBgAUJBBmT8L

    Score
    1/10
    behavioral17behavioral18

    • Target

      sheet rat v2.6/Stub/sigthief.exe

    • Size

      6.4MB

    • MD5

      3e261becbfe12d7a5ffdbba91c76011b

    • SHA1

      2e5849aa0be921849f42121544895ce405fd9af1

    • SHA256

      c85e5240da0e9d06677278f01c55f7d2611641ebeeafff9529e383e6948fd9ee

    • SHA512

      02e897be04fd0d42300d6822f21cf8e435c53ef8ddd5054d9313fb348ad6ccfb70da3cec402d1aa1589217911f9bbfa3623d73dc647c23b0db3e0a656ffd76ae

    • SSDEEP

      196608:R8H4yqXdQmRrdA6lXCy1ArqkVpKCX+PrF4ZHnFHeghaemVe:w4ySdQOlXrAZYCuPJOHnVeg

    Score
    7/10

    • Loads dropped DLL

    behavioral19behavioral20

    • Target

      sheet rat v2.6/Stub/xmrminer.exe

    • Size

      4.9MB

    • MD5

      f97406a10af445519bbb391b22366978

    • SHA1

      400339e335bc0352a9a342008c1d146cddb1b2d2

    • SHA256

      4766966b4c125dcdbba55f6d9beacc371ee9700e0f10900a35ef9f15b3357022

    • SHA512

      1df48a68e2458109d4cbc0331ab11c1c76558d617c2a70d6f60ca3783aea7c895f05204d647986d28b8d6e48f6479e68c4b9e87176a8761219ae4b636a37c6f0

    • SSDEEP

      98304:t5AfKZ70gcjrWgcTKUAEiLityOebCX+eui7V6ENz4G:sMmUAEqitCeXCiRXz4G

    Score
    1/10
    behavioral21behavioral22

    • Target

      sheet rat v2.6/System.Buffers.dll

    • Size

      20KB

    • MD5

      ecdfe8ede869d2ccc6bf99981ea96400

    • SHA1

      2f410a0396bc148ed533ad49b6415fb58dd4d641

    • SHA256

      accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb

    • SHA512

      5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

    • SSDEEP

      384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e

    Score
    1/10
    behavioral23behavioral24

    • Target

      sheet rat v2.6/System.Collections.Immutable.dll

    • Size

      175KB

    • MD5

      8f55c22412f7d448d6e7b83102665368

    • SHA1

      88df86ee0b137992af15a35825804274fa252e30

    • SHA256

      67730917b4e856e37a9d78245527584087fac6b20a7377677b2f444cd15db918

    • SHA512

      058431aa2280511b00a72ea55ded9bdaef55420f5bce10c9352d4f92736a11884d1e70706016b988cca560358b3b43ce1bad5c9bd726f11d8ad66e3c91f98ccb

    • SSDEEP

      3072:gUbJLl+WMe7FJ02NPhVN0T2rcoNXvUJ4C0jucx2ejoVjM4xT56pL:gUVMWNvrxUJ4CDcY5G

    Score
    1/10
    behavioral25behavioral26

    • Target

      sheet rat v2.6/System.Memory.dll

    • Size

      137KB

    • MD5

      6fb95a357a3f7e88ade5c1629e2801f8

    • SHA1

      19bf79600b716523b5317b9a7b68760ae5d55741

    • SHA256

      8e76318e8b06692abf7dab1169d27d15557f7f0a34d36af6463eff0fe21213c7

    • SHA512

      293d8c709bc68d2c980a0df423741ce06d05ff757077e63986d34cb6459f9623a024d12ef35a280f50d3d516d98abe193213b9ca71bfde2a9fe8753b1a6de2f0

    • SSDEEP

      3072:IUGrszKKLBFa9DvrJGeesIf3afNs2AldfI:jBFd3/aFs2

    Score
    1/10
    behavioral27behavioral28

    • Target

      sheet rat v2.6/System.Numerics.Vectors.dll

    • Size

      113KB

    • MD5

      aaa2cbf14e06e9d3586d8a4ed455db33

    • SHA1

      3d216458740ad5cb05bc5f7c3491cde44a1e5df0

    • SHA256

      1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183

    • SHA512

      0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

    • SSDEEP

      1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS

    Score
    1/10
    behavioral29behavioral30

    • Target

      sheet rat v2.6/System.Runtime.CompilerServices.Unsafe.dll

    • Size

      16KB

    • MD5

      da04a75ddc22118ed24e0b53e474805a

    • SHA1

      2d68c648a6a6371b6046e6c3af09128230e0ad32

    • SHA256

      66409f670315afe8610f17a4d3a1ee52d72b6a46c544cec97544e8385f90ad74

    • SHA512

      26af01ca25e921465f477a0e1499edc9e0ac26c23908e5e9b97d3afd60f3308bfbf2c8ca89ea21878454cd88a1cddd2f2f0172a6e1e87ef33c56cd7a8d16e9c8

    • SSDEEP

      192:LGLxTyHvc4ROgcxAdWXYWJeaPtWsI9A9GaHnhWgN7aJeWw0fnCsqnajt:LgGLROZAdWXYW8aPcyHRN7WEqn1lx

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

pyinstallerminerxmrig
Score
10/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
7/10

behavioral20

Score
7/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10