Overview: score 10
Static (static): score 3
xRAT v2.0/...lt.exe (windows7-x64): score 7
xRAT v2.0/...lt.exe (windows10-2004-x64): score 10
xRAT v2.0/...il.dll (windows7-x64): score 1
xRAT v2.0/...il.dll (windows10-2004-x64): score 1
xRAT v2.0/...at.dll (windows7-x64): score 1
xRAT v2.0/...at.dll (windows10-2004-x64): score 1
xRAT v2.0/...ib.dll (windows7-x64): score 1
xRAT v2.0/...ib.dll (windows10-2004-x64): score 1
xRAT v2.0/client.exe (windows7-x64): score 6
xRAT v2.0/client.exe (windows10-2004-x64): score 10
xRAT v2.0/xRAT 2.exe (windows7-x64): score 1
xRAT v2.0/xRAT 2.exe (windows10-2004-x64): score 1

General
Target: 9a29bddf402b54b0f23fed218dbc1b13186db7688930ec8dcf627aae635ccf79.zip
Size: 2.5MB
Sample: 240705-b1fena1hjb
MD5: f183214bb2f9050151f856f4fa7744d5
SHA1: 46eab90d3e271f2a550bee3b4dadcd5323ebbd78
SHA256: 9a29bddf402b54b0f23fed218dbc1b13186db7688930ec8dcf627aae635ccf79
SHA512: 06ec143d1cb184f07947af54143d1b59b3da2aa5c8541fa07453efca71092bbfa0cb16e41c06544146ff99ee04c971238a9813ff79d7cec66963ce47bc65d8f9
SSDEEP: 49152:stMhgHaLtLCJuimQOAXe8+QTe0pAlsY456tOmCRiHNiLg84QbLZgLCRSAeGVlPpv:IMhgHaxuJTmQ5X+QS0p/Yt1tJ8ZBvS3u

Static task: static1
Behavioral task: behavioral1, Sample: xRAT v2.0/Client-built.exe, Resource: win7-20240220-en
Behavioral task: behavioral2, Sample: xRAT v2.0/Client-built.exe, Resource: win10v2004-20240704-en
Behavioral task: behavioral3, Sample: xRAT v2.0/Mono.Cecil.dll, Resource: win7-20240704-en
Behavioral task: behavioral4, Sample: xRAT v2.0/Mono.Cecil.dll, Resource: win10v2004-20240704-en
Behavioral task: behavioral5, Sample: xRAT v2.0/Mono.Nat.dll, Resource: win7-20240220-en
Behavioral task: behavioral6, Sample: xRAT v2.0/Mono.Nat.dll, Resource: win10v2004-20240704-en
Behavioral task: behavioral7, Sample: xRAT v2.0/Vestris.ResourceLib.dll, Resource: win7-20240704-en
Behavioral task: behavioral8, Sample: xRAT v2.0/Vestris.ResourceLib.dll, Resource: win10v2004-20240508-en
Behavioral task: behavioral9, Sample: xRAT v2.0/client.exe, Resource: win7-20240704-en
Behavioral task: behavioral10, Sample: xRAT v2.0/client.exe, Resource: win10v2004-20240704-en
Behavioral task: behavioral11, Sample: xRAT v2.0/xRAT 2.exe, Resource: win7-20240704-en
Behavioral task: behavioral12, Sample: xRAT v2.0/xRAT 2.exe, Resource: win10v2004-20240704-en

Malware Config
Targets
Target: xRAT v2.0/Client-built.exe
Size: 294KB
MD5: 04c30859516960ad61fcda864c16ea84
SHA1: c5893f23d34826eb061cbff517843793f13b0e6a
SHA256: e4fcf1f6b71043e7c7c32f6954a0a1972696fa1bb9b6543ead14e85626890a11
SHA512: ef58cd9756f6d89b9752a6a233e388bfca9d1cb707af641ef95f04181b142e260c4c5c8e034270de35cd88cf569d81cebbcdc5af3749840436d006859cc6230c
SSDEEP: 3072:7o7lYJHuSHgB24g54PzOOqJYGk6/uGDB0C6Z3pMJCv5Aa5OZw1Rvbq/ZU1os8rG1:U7lRw4vB890C6ZwLORvbq/uv8M
Score: 10/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.

Target: xRAT v2.0/Mono.Cecil.dll
Size: 275KB
MD5: 2f1d2b580f22c8b14426cc793cafa143
SHA1: 3debfcafb6d1f94f999e02f18785ea9b13978767
SHA256: c1c9504393fb9ae1e5130a70afed53f26a26f23bcbd655c3d79bc0fb846d2b2d
SHA512: 807789490cbde1ec11a473525de3d953d95e3889ec112dd2f0a4fc2aae504a2afa4ed66b6f4ce6b956e3ddd392ac8289621fa42d1b4cb9818896780b42c1c03a
SSDEEP: 6144:GXFrvb8HhISlKKvK0EihcEgMdWJ2I6jSAOHvSIT4KdFvkPzg:RBdK5JlDvSIM
Score: 1/10

Target: xRAT v2.0/Mono.Nat.dll
Size: 46KB
MD5: 07104f5e5709661e722a76a1aa9b4ec2
SHA1: 7c65c0ede3e9a7916b7a53f39f5c8bddb2971247
SHA256: cda6e89b45af038619b2cb0eff185d842e7401805c527866bc00f4286a7b0124
SHA512: 79d6c028d48008814863b1a7b321a61ce5568afa30e372230a82808e19c5dab8d3a4a34ec6d8a122ddfbbbf384d2c62fe4c516f1fd7e8561ac8acbcac39ec446
SSDEEP: 768:Uxe95m8J7r4A46Zj/Q5ttlyJRubO5CFR:U47r4KlQ5tyJUakT
Score: 1/10

Target: xRAT v2.0/Vestris.ResourceLib.dll
Size: 76KB
MD5: 4c2fc3ae1f21d55a82464f03de977899
SHA1: 0399fd6265cb54369043080ebf4d013574f9f208
SHA256: 13e08cc54e2238592424b2d337333631f5b7dd804c682b8781be08de53d7889a
SHA512: 4abcb8b26b7d6636d3d9858b39f2d4171b1baba05f476f4c8f9c9ab0fb2b8da2d3fc5fe685c2873af98fe63d3e68c78b91f42ff7ea8a8a37a34276132904d348
SSDEEP: 1536:Ix0R789PUoXYIt1Og7O1pKYoRvWkAaClFYgGKeK92NXABHg:i0R789PU1IT7O1pwuugFVG/K92V
Score: 1/10

Target: xRAT v2.0/client.bin
Size: 271KB
MD5: 9d697a19004e86acede9ee1bef4ff664
SHA1: 6193e527615492a1525f10172fefd69460170484
SHA256: ac1fa54c26a22f25b1d78ab15315f48339eca43645162de8ad9c77d83a7c7f0a
SHA512: 25f26e09f50425c762e370bd7873d782aea7cd0328b30b0ed29e09692b5b380fdee1934d43c68848cace432dd9615791225f2531b3bb274c49d4cb692e50689d
SSDEEP: 3072:tDcnJEoBClZIwxVHOK7Vef43d73l1dRHHg2IgJnNDcBkbzsJmrh/SC1uq0RN8kfn:tDcXWZPXQf4th1LguJzbz048
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.

Target: xRAT v2.0/xRAT 2.exe
Size: 1.1MB
MD5: fec8c33eda89a51808b52c3df2cb19d6
SHA1: 1a845c5fe91346d2c217a683c1479885643efecc
SHA256: a71d5cbad432ffbddff485ec8fcfb60f5eecac7e59aaf6d4d1e92052e2a3c40b
SHA512: 4f8d9398acc5775ee451da3e0399d05510167de2618dd3e36be84295e9f5997cb2c48a9cc02377ceef8e38a00c69b5084731842ee3c2eb897881771363a926e7
SSDEEP: 12288:eqE7W86cb4W0XnzSrm2zd/ejGZFooreUQSrl/L:ekaDNBz
Score: 1/10