Resubmissions

23/06/2023, 12:15

230623-pe115aga7z 7

General

  • Target

    S-500RAT.zip

  • Size

    39.6MB

  • Sample

    230623-pe115aga7z

  • MD5

    26211232c4e9de64151d668d6fc5ab01

  • SHA1

    e2f0ee29f876b7822fa1f8337cd129f20c6df618

  • SHA256

    952fd48df104b9002c3f94e433a7a06024cfd86522f981e981c4f8cd1a2f2483

  • SHA512

    dbb47ed24b8ac4791cac5986022c835f29fccc01f493dcafe3e7ea8a7d1315d1f878d2264aa3c9aa62faf9fdf4533f3bfbd8f958efa48875349e8fa58e0cd4b4

  • SSDEEP

    786432:0Tr7fQKPYWxmcwSD6grWJhZ15YMZgUn4rQy5sxQjV9SrTW:0/7fQKQbSDfWhfQZ5s+BgrS

Score
7/10

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control-flow obfuscation.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks