General

  • Target

    888 RAT 1.0.9.7z

  • Size

    21.5MB

  • Sample

    250417-1j833svns9

  • MD5

    b0e0d96af78f1acc15b3f9fba3969669

  • SHA1

    b340f6d8d48ce87aa54b1371d43575f1783fa359

  • SHA256

    837bdc4e97894946ddf90429d75af8a42a1b1c73135cd99867eaab73b244bfbd

  • SHA512

    9de4821e83d5e93e8db603258ab4a17a7c2d692676885341a76634f6927e0e93f85f2e38bae505ac8e598a95fa643dfe1e9e06081a883af8dfd9d3fcc5c4a239

  • SSDEEP

    393216:dMaPbAomNo5LrSbgxqY/Kv9YZUrMEZFFbltrc0Ot5SfvIgptOCpy90GXtpBd:WXzNo5PSz2Q3bLpgtp/

Targets

    • Target

      888 RAT 1.0.9.exe

    • Size

      22.0MB

    • MD5

      32004e656640aad1672f0ee98434bc3c

    • SHA1

      d665b4e03e9d75f87079d65cff791147b7ee6e4f

    • SHA256

      beb837e8832f27dacfd3719cf617310f1b9e74badbfca8705ecafce3ed5e6a33

    • SHA512

      1cd55008d6352469a937f168d6d72cfd202d81c24a6be4c6256a4c73c576577aefe8da912c5cb09e12f12a58e46f99381fa9834b58bc356e0c530908b236785f

    • SSDEEP

      393216:TufwMCigvYFChWbRT5OV7lAUl+9o0okMLeDuq3+QAk5ubWWBwBvJ5wV:aXZgvYYhQDOVPl+9l2+OZuhQwR/

    • 888RAT

      888RAT is an Android remote administration tool.

    • 888Rat family

    • Android 888 RAT payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
