f434312e8ce38172180f281f6b3951879e82f42a07362f89179d91ded810feea

General

Target: f434312e8ce38172180f281f6b3951879e82f42a07362f89179d91ded810feea
Size: 188KB
Sample: 200709-fvcw7vfbyn
Score: 10/10
MD5: 4bb3e58d375714e27744d106143cf61b
SHA1: 802803b91e9439c5bc0a59f73629d2a191e9f4dc
SHA256: f434312e8ce38172180f281f6b3951879e82f42a07362f89179d91ded810feea
SHA512: 64cf58bbc58f05d6d08bdf59ce5b7496bf4a4ae97135d8a96c4ed6af7ae319a2b146d79059ff718d481f26198b1f80874fb7111c8bd79fda039e21db3f9424f7

Signatures

  • SamoRAT

    Description

    SamoRAT is a .NET malware used to receive and execute different commands on the infected system.

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Modifies service

    TTPs

    Modify Registry, Modify Existing Service

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10