| Field | Value |
|---|---|
| File name | GoldenEyeRAT1.6.6RELEASE.zip |
| Full analysis | https://app.any.run/tasks/a858c3e8-a6ee-4de9-b84a-757f14e44d8b |
| Verdict | Malicious activity |
| Threats | njRAT is a remote access trojan. It is one of the most widely accessible RATs on the market that features an abundance of educational information. Interested attackers can even find tutorials on YouTube. This allows it to become one of the most popular RATs in the world. |
| Analysis date | December 06, 2018, 07:09:18 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | F7670BB96A27A041E10E3BA84DF0D011 |
| SHA1 | 37C08B7F6A8E38B62DA83A680B412BD5AA4B5864 |
| SHA256 | 05F30945508D84B63809CC8EA7630FD5BBA2750CA21CB734E08D5E993EA5C01F |
| SSDEEP | 24576:xYEYAIG/xvmk2GYNu5nPmoaEMwV4FC15o:OlAIGxBYNupPmoaEdVy |
| Extension | Description |
|---|---|
| .zip | ZIP compressed archive (100) |

| Field | Value |
|---|---|
| ZipFileName | GoldenEyeRAT1.6.6RELEASE/Golden Eye RAT Client/ |
| ZipUncompressedSize | - |
| ZipCompressedSize | - |
| ZipCRC | 0x00000000 |
| ZipModifyDate | 2018:12:05 13:13:14 |
| ZipCompression | None |
| ZipBitFlag | - |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2844 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\GoldenEyeRAT1.6.6RELEASE.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
| 3296 | "C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe" | C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe | | explorer.exe | User: admin; Company: BreakingSecurity.net; Integrity Level: HIGH; Exit code: 0; Version: 1.01.0001 |
| 2720 | "C:\Windows\InitSetup.exe" 0 | C:\Windows\InitSetup.exe | — | GoldenEye Remote Administration Tool.exe | User: admin; Integrity Level: HIGH; Exit code: 0 |
| 3112 | "C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe" 0 | C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe | — | GoldenEye Remote Administration Tool.exe | User: admin; Company: BreakingSecurity.net; Integrity Level: HIGH; Exit code: 0; Version: 1.01.0001 |
| 2704 | "C:\Windows\InitSetup.exe" 0 | C:\Windows\InitSetup.exe | — | GoldenEye Remote Administration Tool.exe | User: admin; Integrity Level: HIGH; Exit code: 0 |
| 3108 | "C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe" 0 | C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe | — | GoldenEye Remote Administration Tool.exe | User: admin; Company: BreakingSecurity.net; Integrity Level: HIGH; Exit code: 0; Version: 1.01.0001 |
| 3200 | "C:\Windows\InitSetup.exe" 0 | C:\Windows\InitSetup.exe | — | GoldenEye Remote Administration Tool.exe | User: admin; Integrity Level: HIGH; Exit code: 0 |
| 3776 | "C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe" 0 | C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe | — | GoldenEye Remote Administration Tool.exe | User: admin; Company: BreakingSecurity.net; Integrity Level: HIGH; Exit code: 0; Version: 1.01.0001 |
| 1420 | "C:\Windows\InitSetup.exe" 0 | C:\Windows\InitSetup.exe | — | GoldenEye Remote Administration Tool.exe | User: admin; Integrity Level: HIGH; Exit code: 0 |
| 2616 | "C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe" 0 | C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe | — | GoldenEye Remote Administration Tool.exe | User: admin; Company: BreakingSecurity.net; Integrity Level: HIGH; Exit code: 0; Version: 1.01.0001 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2844 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\Configuration\FileSearcher.ini | — | — | — |
| 2844 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\Configuration\networkcontrol.ini | — | — | — |
| 2844 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\Configuration\On Join Commands.ini | — | — | — |
| 2844 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\Configuration\settings.ini | — | — | — |
| 2844 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\Data\GeoIP.dat | — | — | — |
| 2844 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe | — | — | — |
| 2844 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\VelyseTheme.dll | — | — | — |
| 2844 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Lic Server\Clients\Hostah\hwid.txt | — | — | — |
| 2844 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Lic Server\Clients\Hostah\password.txt | — | — | — |
| 2844 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Lic Server\GoldenEye Licensing Server.exe | — | — | — |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 2944 | WindowsGrfxSrvs.exe | 104.20.208.21:443 | pastebin.com | Cloudflare Inc | US | shared |
| 2944 | WindowsGrfxSrvs.exe | 70.46.121.187:9000 | citysinks.com | Windstream Communications Inc | US | malicious |

| Domain | IP | Reputation |
|---|---|---|
| pastebin.com | | shared |
| citysinks.com | | malicious |