General
Target: S-500RAT.zip
Size: 39.6MB
Sample: 230623-s1396aha5t
MD5: 26211232c4e9de64151d668d6fc5ab01
SHA1: e2f0ee29f876b7822fa1f8337cd129f20c6df618
SHA256: 952fd48df104b9002c3f94e433a7a06024cfd86522f981e981c4f8cd1a2f2483
SHA512: dbb47ed24b8ac4791cac5986022c835f29fccc01f493dcafe3e7ea8a7d1315d1f878d2264aa3c9aa62faf9fdf4533f3bfbd8f958efa48875349e8fa58e0cd4b4
SSDEEP: 786432:0Tr7fQKPYWxmcwSD6grWJhZ15YMZgUn4rQy5sxQjV9SrTW:0/7fQKQbSDfWhfQZ5s+BgrS

Behavioral task: behavioral1
Sample: S-500RAT.zip
Resource: win10-20230621-en

Behavioral task: behavioral2
Sample: S-500RAT.zip
Resource: win7-20230621-en

Behavioral task: behavioral3
Sample: S-500RAT.zip
Resource: win10v2004-20230621-en

Malware Config
Targets
Target: S-500RAT.zip
Score: 8/10

Downloads MZ/PE file

.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Drops startup file

Executes dropped EXE

Loads dropped DLL

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Adds Run key to start application