eSentire Threat Intelligence Malware Analysis: PINGPULL RAT
Common Information
Type | Value |
---|---|
UUID | 0bebab82-c506-4228-95c4-f5f816655671 |
Fingerprint | 24659d91e7315f85 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | June 20, 2022, midnight |
Added to db | Dec. 19, 2024, 9:39 p.m. |
Last updated | Dec. 19, 2024, 11:05 p.m. |
Headline | eSentire Threat Intelligence Malware Analysis: PINGPULL RAT |
Title | eSentire Threat Intelligence Malware Analysis: PINGPULL RAT |
Detected Hints/Tags/Attributes | 78/2/21 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 3 | | v2.hinitial.com |
Details | Domain | 3 | | v3.hinitial.com |
Details | Domain | 3 | | v4.hinitial.com |
Details | Domain | 3 | | t1.hinitial.com |
Details | Domain | 3 | | hinitial.com |
Details | Domain | 4 | | df.micfkbeljacob.com |
Details | Domain | 4 | | jack.micfkbeljacob.com |
Details | Domain | 1 | | affidavits7.exportadoralambari.com |
Details | File | 242 | | advapi32.dll |
Details | File | 1 | | youta.exe |
Details | File | 1 | | sqlservers.exe |
Details | File | 1 | | khcamgsm.exe |
Details | File | 2 | | servermannger.exe |
Details | md5 | 1 | | 255dffb6d619ba7ffe5602e6ff64e03c |
Details | md5 | 1 | | 61496042ac5d53a99dcf52a0fde41867 |
Details | md5 | 1 | | b4dd22013aefae6f721f0b67be61dc91 |
Details | md5 | 2 | | 1a96767957e193c45b1bf642f3293350 |
Details | md5 | 1 | | d58c5fe6a5b5b3d494bae50d1df310f5 |
Details | md5 | 2 | | 7e01d776a0eb044a11bf91f3a68ce6f5 |
Details | IPv4 | 5 | | 192.168.10.12 |
Details | Yara rule | 1 | | PINGPULL_backdoor (rule text below) |

```yara
import "pe"

rule PINGPULL_backdoor
{
    meta:
        author  = "eSentire TI"
        date    = "05/24/2022"
        version = "1.0"

    strings:
        $a1 = { 68 69 6E 69 74 69 61 6C 2E 63 6F 6D }          // "hinitial.com" (C2 domain)
        $a2 = { 50 52 4F 4A 45 43 54 5F 25 73 5F 25 73 5F }    // "PROJECT_%s_%s_" (format string)
        $a3 = { 74 6F 74 61 6C 3D }                            // "total="
        $a4 = { 49 50 20 48 65 31 70 65 72 }                   // "IP He1per" (digit 1 in place of l)
        $a5 = "Iph1psvc"                                       // look-alike of the Windows IP Helper service name iphlpsvc

    condition:
        3 of ($a*) and
        filesize < 200KB and
        // MZ (PE) header, or the little-endian ELF magic \x7fELF
        (uint16(0) == 0x5A4D or uint32(0) == 0x464c457f)
}
```