File name: A7m3d_Rat_v.2.0.0_Beta.rar

Full analysis: https://app.any.run/tasks/9ce3df72-445f-4312-8b12-5e084a58fcc1
Verdict: Malicious activity
Analysis date: September 18, 2023, 16:30:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: 8790ECD3D8D95BE0B5F755B88A1F01A6
SHA1: FFC3D1999C338EE5220A463E88817DA090BBA5AB
SHA256: 7E961091676266C69E03AE703FDA6E2605E7FB20BD24C4BF7A808225C142071A
SSDEEP: 1536:5t9LsBvUiCViK7uxsreNlt0pXQYkvqUavk9cdbQ20Sv1hkKhGcdn+dLv7GVmpp:jwc/F7uureNltCXQYkypvbdskkJ8n+dJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • A7m3d Rat V.2.0.exe (PID: 2664)
  • SUSPICIOUS

    • Reads the Internet Settings

      • A7m3d Rat V.2.0.exe (PID: 2664)
    • Reads Internet Explorer settings

      • A7m3d Rat V.2.0.exe (PID: 2664)
    • Reads Microsoft Outlook installation path

      • A7m3d Rat V.2.0.exe (PID: 2664)
    • Process requests binary or script from the Internet

      • A7m3d Rat V.2.0.exe (PID: 2664)
  • INFO

    • Checks supported languages

      • A7m3d Rat V.2.0.exe (PID: 2664)
    • Reads the machine GUID from the registry

      • A7m3d Rat V.2.0.exe (PID: 2664)
    • Reads the computer name

      • A7m3d Rat V.2.0.exe (PID: 2664)
    • Checks proxy server information

      • A7m3d Rat V.2.0.exe (PID: 2664)
    • Manual execution by a user

      • A7m3d Rat V.2.0.exe (PID: 2664)
    • Creates files or folders in the user directory

      • A7m3d Rat V.2.0.exe (PID: 2664)
    • Reads Environment values

      • A7m3d Rat V.2.0.exe (PID: 2664)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

ArchivedFileName: A7m3d-Rat v.2.0.0 Beta\A7m3d Rat V.2.0.exe
PackingMethod: Normal
ModifyDate: 2014:07:15 00:21:14
OperatingSystem: Win32
UncompressedSize: 330240
CompressedSize: 95708
No data.
All screenshots are available in the full report
Total processes: 41
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start > winrar.exe (no specs) > a7m3d rat v.2.0.exe

Process information

PID 2664
  CMD: "C:\Users\admin\Desktop\A7m3d-Rat v.2.0.0 Beta\A7m3d Rat V.2.0.exe"
  Path: C:\Users\admin\Desktop\A7m3d-Rat v.2.0.0 Beta\A7m3d Rat V.2.0.exe
  Parent process: explorer.exe
  User: admin
  Integrity Level: HIGH
  Description: Remote Admin Tool - By HmooDi Albalawi
  Exit code: 0
  Version: 2.0.0.0
  Modules (images):
    • c:\users\admin\desktop\a7m3d-rat v.2.0.0 beta\a7m3d rat v.2.0.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\mscoree.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\advapi32.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\sechost.dll
    • c:\windows\system32\rpcrt4.dll
    • c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID 3484
  CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\A7m3d_Rat_v.2.0.0_Beta.rar"
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR archiver
  Exit code: 0
  Version: 5.91.0
  Modules (images):
    • c:\program files\winrar\winrar.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\user32.dll
    • c:\windows\system32\gdi32.dll
    • c:\windows\system32\usp10.dll
    • c:\windows\system32\lpk.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\comdlg32.dll
Total events: 1 781
Read events: 1 750
Write events: 31
Delete events: 0

Modification events

Process: (3484) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write, Name: LanguageList, Value: en-US

Process: (3484) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write, Name: 2, Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

Process: (3484) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write, Name: 1, Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

Process: (3484) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write, Name: 0, Value: C:\Users\admin\Desktop\phacker.zip

Process: (3484) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write, Name: name, Value: 120

Process: (3484) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write, Name: size, Value: 80

Process: (3484) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write, Name: type, Value: 120

Process: (3484) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write, Name: mtime, Value: 100

Process: (3484) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write, Name: Placement, Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000

Process: (3484) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\General
Operation: write, Name: LastFolder, Value: C:\Users\admin\Desktop
Executable files: 1
Suspicious files: 0
Text files: 3
Unknown types: 0

Dropped files

PID 3484, WinRAR.exe, type: executable
  C:\Users\admin\AppData\Local\Temp\Rar$DRb3484.9889\A7m3d-Rat v.2.0.0 Beta\A7m3d Rat V.2.0.exe
  MD5: C40CC4EDBC2E9CCA6E76EBF4B395A55E
  SHA256: 27F12ABA29935F8A06182F8E7D7263DC7D01280FC2A1CC70AAFECB2C87079BE9

PID 2664, A7m3d Rat V.2.0.exe, type: html
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\index[1].htm
  MD5: 51ED1E956FFEBE4100D21FB3474A80B4
  SHA256: 16B04B90D2F99ED102875EF4411DAE3F54AAE1FE7608E0EA8DAACA90D77DAAAD

PID 2664, A7m3d Rat V.2.0.exe, type: text
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\park[1].js
  MD5: 0C3ACB0943297E36ED7C381B33765A80
  SHA256: 2EF2AB81B93BB3D9BC3A8FCF48B6836938475E01A35FD831BC5FB84246112BF6

PID 2664, A7m3d Rat V.2.0.exe, type: text
  C:\Users\admin\Desktop\A7m3d-Rat v.2.0.0 Beta\ip-Adress\index.php
  MD5: 0C337DAE71FADAFE4558E87D7D47D0AF
  SHA256: 3A515395920A52191F518818EDC52704601131B9291E1949BFE9C1E16F889668
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 2
TCP/UDP connections: 5
DNS requests: 2
Threats: 0

HTTP requests

PID 2664, A7m3d Rat V.2.0.exe
  Method: GET, HTTP code: 200, IP: 64.190.63.136:80
  URL: http://testapplication.eb2a.com/index.html
  CN: unknown, Type: compressed, Size: 485 b, Reputation: unknown

PID 2664, A7m3d Rat V.2.0.exe
  Method: GET, HTTP code: 200, IP: 64.190.63.136:80
  URL: http://sedoparking.com/frmpark/eb2a.com/sedopark/park.js
  CN: unknown, Type: compressed, Size: 589 b, Reputation: unknown

Connections

PID 3284, svchost.exe
  IP: 239.255.255.250:1900, Reputation: whitelisted

PID 4, System
  IP: 192.168.100.255:137, Reputation: whitelisted

PID 4, System
  IP: 192.168.100.255:138, Reputation: whitelisted

PID 2664, A7m3d Rat V.2.0.exe
  IP: 64.190.63.136:80, Domain: testapplication.eb2a.com, ASN: SEDO GmbH, CN: DE, Reputation: unknown

DNS requests

Domain: testapplication.eb2a.com, IP: 64.190.63.136, Reputation: unknown
Domain: sedoparking.com, IP: 64.190.63.136, Reputation: whitelisted

Threats

No threats detected
No debug info