General

  • Target

    S_-_500_RAT_G3_2022_Anonymous.rar

  • Size

    30.6MB

  • MD5

    20a1303c72dc7dd859982e9bf45c70c0

  • SHA1

    d1c3a802e0fba35c1aeed1c8720aaf4323a66294

  • SHA256

    2199752fcd7d8761556b8da40c3509c9fdaa4627e031f0fa32f3d6c103789a3e

  • SHA512

    c69d718ad5f406697f42a080f92c90d9846e160631c0d90beb290536017e3d21600181d6cf4ea367a09b56aa67d8bfbbccd5bc20d9da29ad242d51a49b28fecc

  • SSDEEP

    393216:JPRH+eRBy7LmiHueI8BdRxvRZopLo4sOxKlpPL4XBnQUbOK+VLAG8RMq9bnAMRkv:HJRqLUAjRxvQsOxKXP8xnSl8RTRZp2

Score
7/10

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Files

  • S_-_500_RAT_G3_2022_Anonymous.rar
    .rar
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/compile.log
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/Api/kernel32.inc
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/Api/msvcrt.inc
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/Api/shlwapi.inc
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/Compression.asm
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/Download.asm
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/Drop.asm
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/Emulator.asm
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/Melt.asm
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/Obfuscator/nop.txt
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/Obfuscator/nop_minimal.txt
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/Obfuscator/register.txt
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/PebApi.asm
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/PebApi.inc
    .vbs
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/Resources/default.manifest
    .xml
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/Resources/elevated.manifest
    .xml
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/RunPE.asm
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/Stage2.asm
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/Stub.asm
  • S - 500 RAT G3 2022_Anonymous/.peu/New Project 1/src/nt.inc
  • S - 500 RAT G3 2022_Anonymous/BouncyCastle.Crypto.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/Certificate/BackupCertificate.zip
    .zip
  • S - 500 RAT G3 2022_Anonymous/Certificate/ServerCertificate.p12
  • S - 500 RAT G3 2022_Anonymous/Chrome.ico
  • S - 500 RAT G3 2022_Anonymous/Clients/Downloads/A82871D5B4CE1A95/1.DAT
  • S - 500 RAT G3 2022_Anonymous/Clients/Downloads/A82871D5B4CE1A95/10.DAT
  • S - 500 RAT G3 2022_Anonymous/Clients/Downloads/A82871D5B4CE1A95/11.DAT
  • S - 500 RAT G3 2022_Anonymous/Clients/Downloads/A82871D5B4CE1A95/2.DAT
  • S - 500 RAT G3 2022_Anonymous/Clients/Downloads/A82871D5B4CE1A95/5.DAT
  • S - 500 RAT G3 2022_Anonymous/Clients/Downloads/A82871D5B4CE1A95/7.DAT
  • S - 500 RAT G3 2022_Anonymous/Compression7zip.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/FastColoredTextBox.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/Gry73.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/Guna.UI2.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • S - 500 RAT G3 2022_Anonymous/LiveCharts.Wpf.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/LiveCharts.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/Login.txt
  • S - 500 RAT G3 2022_Anonymous/MetroFramework.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/New Project 1.peu
  • S - 500 RAT G3 2022_Anonymous/Obfuscation.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/Plugins/ActiveWindows.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Admin.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/AntiMalware.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/BotsKiller.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Chat.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Clipboard.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Cmd.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/DDos.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/DotNet.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/File Manager.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/FileManager.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Fun.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/HBrowser.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/HRDP.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/HVNC.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Helper.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/HiddenApps.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/HiddenProgram.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Hosts.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/IconLib.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Information.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Installedsoftwares.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Keylogger.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/MessageBox.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Mic.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Mining.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Options.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Password.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Powershell.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Ransomware.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/RecoviryPasswords.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Regedit.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/RegistryEditor.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/RemoteCamera.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/RemoteDesktop.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/ReverseProxy.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/SClient.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/SendFile.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Services.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/Startup.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/StreamLib.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/TCPConnection.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/TaskManager.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/USBSpread.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/User ID.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/WiFi.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/lz4.AnyCPU.loader.dll
  • S - 500 RAT G3 2022_Anonymous/Plugins/protobuf-net.dll
  • S - 500 RAT G3 2022_Anonymous/QuickLZLibrary.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/S500RAT.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744



  • S - 500 RAT G3 2022_Anonymous/S500RAT.ico
  • S - 500 RAT G3 2022_Anonymous/Socks5.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/SunnyUI.Common.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/SunnyUI.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/Svg.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/Terror/1.gif
    .gif
  • S - 500 RAT G3 2022_Anonymous/Terror/2.gif
    .gif .ps1
  • S - 500 RAT G3 2022_Anonymous/Terror/3.gif
    .gif
  • S - 500 RAT G3 2022_Anonymous/Terror/4.gif
    .gif
  • S - 500 RAT G3 2022_Anonymous/Terror/T.wav
  • S - 500 RAT G3 2022_Anonymous/Tulpep.NotificationWindow.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/Vestris.ResourceLib.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/WinMic.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/WinSound.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/cGeoIp.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/dnlib.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/initialization.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/lz4.AnyCPU.loader.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/protobuf-net.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa



  • S - 500 RAT G3 2022_Anonymous/settings.xml
  • S - 500 RAT G3 2022_Anonymous/zxing.dll
    .dll windows x86

    dae02f32a21e03ce65412f6e56942daa

