General
-
Target
S500 RAT.zip
-
Size
60.4MB
-
Sample
231002-n27xhsab3s
-
MD5
c81e1a780bfe0c0c08cc065c07f9ccf4
-
SHA1
b6323176ddcc6b1a39ee9d6645ff8423656158b0
-
SHA256
d5875d4d08dac2c89551c28981c116d428260e9cc8f3de064123922d88dae06f
-
SHA512
17a497f77457feb2b9c25fa138338e58dbeab21dc263d9f4407f4669d45b05c31ff75b6bc24f27a5387c0e96e3807c804ddda2cd0d1b169d7dbb278625b6f59e
-
SSDEEP
1572864:ogpmeR1RFRShPdw2L0POYJhtzU9lr7RvVST:HHp2w2GzurFVST
Behavioral task
behavioral1
Sample
S500 RAT/.peu/New Project 1/src/PebApi.vbs
Resource
win10v2004-20230915-en
Behavioral task
behavioral2
Sample
S500 RAT/BouncyCastle.Crypto.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral3
Sample
S500 RAT/Compression7zip.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral4
Sample
S500 RAT/FastColoredTextBox.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral5
Sample
S500 RAT/Gry73.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral6
Sample
S500 RAT/Guna.UI2.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral7
Sample
S500 RAT/LiveCharts.Wpf.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral8
Sample
S500 RAT/LiveCharts.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral9
Sample
S500 RAT/MetroFramework.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral10
Sample
S500 RAT/Obfuscation.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral11
Sample
S500 RAT/Plugins/ActiveWindows.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral12
Sample
S500 RAT/Plugins/Admin.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral13
Sample
S500 RAT/Plugins/AntiMalware.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral14
Sample
S500 RAT/Plugins/BotsKiller.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral15
Sample
S500 RAT/Plugins/Chat.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral16
Sample
S500 RAT/Plugins/Clipboard.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral17
Sample
S500 RAT/Plugins/Cmd.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral18
Sample
S500 RAT/Plugins/DotNet.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral19
Sample
S500 RAT/Plugins/File Manager.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral20
Sample
S500 RAT/Plugins/FileManager.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral21
Sample
S500 RAT/Plugins/HBrowser.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral22
Sample
S500 RAT/Plugins/HRDP.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral23
Sample
S500 RAT/Plugins/HVNC.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral24
Sample
S500 RAT/Plugins/Helper.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral25
Sample
S500 RAT/Plugins/HiddenApps.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral26
Sample
S500 RAT/Plugins/HiddenProgram.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral27
Sample
S500 RAT/Plugins/IconLib.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral28
Sample
S500 RAT/Plugins/Information.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral29
Sample
S500 RAT/Plugins/Installedsoftwares.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral30
Sample
S500 RAT/S500RAT.exe
Resource
win10v2004-20230915-en
Behavioral task
behavioral31
Sample
S500 RAT/ServerRegistrationManager.exe
Resource
win10v2004-20230915-en
Behavioral task
behavioral32
Sample
S500 RAT/lz4.AnyCPU.loader.dll
Resource
win10v2004-20230915-en
Malware Config
Extracted
xworm
2.2
license-donna.at.ply.gg:55049
a91H2xmbhI9aDmQI
-
install_file
USB.exe
Targets
-
Target
S500 RAT/.peu/New Project 1/src/PebApi.inc
-
Size
2KB
-
MD5
1ed2608e8fefbe2b4978a257d456b866
-
SHA1
134a2608e5f07b8637d44538676e64ffc605a27f
-
SHA256
075326d282390e14e558adf21ef184e24eff05d6c5a69233219cc48ba751bc3f
-
SHA512
ff9550cdee02af07909e3a8d5c2192b3b480b96098bc95e0b0d27b50287728d58bd24391ffe1c8620e38f303bd70db4cfce90be872e48e284e632a71f40957aa
Score
1/10
-
Target
S500 RAT/BouncyCastle.Crypto.dll
-
Size
2.5MB
-
MD5
3551343fab213740bbb022e3a6dcf27b
-
SHA1
de67fb4f9d58db4a860a703c8d1f54ff00ff9b1f
-
SHA256
5530dff976bc0c889076b97ca695bdb97ef07f63449d32f893ed32398ed8bfe6
-
SHA512
e90f51053e1d4b0ea1f7458229de92174abf0781c766290da4de5cc8dfcfb730998252bf28b36ca5070978fdcea8b97f0aea6a47b875dd34173643ac0cb46c42
-
SSDEEP
49152:3CTzhVM0AU5d3UOhq8hmReOUJfd5T3D+VTQlgQeCKbu9kQLO0:GwU5d3vhzhmoOmfd5rqX0
Score
1/10
-
Target
S500 RAT/Compression7zip.dll
-
Size
40KB
-
MD5
cbc44e5fc144b9e998b1d98452a87c06
-
SHA1
b1dd5c67f1e37bf1b40ca5abb031899a09798b1d
-
SHA256
1c167173ee4f36732bec73ac19fd774b3bd606c8c5d46cd35194093f642b711c
-
SHA512
38fce2c86225115d7aa19fadb5567fbfee4a75e30a93440d0ae0ca800767ad27e3689de0a9a953f79f5bfa16aba5ad232cad4154889f510b51ef32185f6a4fdc
-
SSDEEP
768:eGDJdsdPCIxoHXNo2/z/heU/FLlPRnHdytMnRixGpiLuqAdIkUlGAxrID/Pve7E9:tDJdT/9eU/FJZnvBhq7k1Xve72
Score
1/10
-
Target
S500 RAT/FastColoredTextBox.dll
-
Size
298KB
-
MD5
020afdfc4f034027354b9f33fe0900cb
-
SHA1
cf323c82de0ce24147033008d086a380a9f04868
-
SHA256
8f9d26773e9a13779c4e1cd498ba484f31d2459df4cdfbb274919c316a8825b0
-
SHA512
02c97d3361a365396b6eab5d09213330609f37a6f233d86fd7cb9859d1e7622a9d81d2a9201223703f510974d42a97596b16d0945cd34ba1ecd31d3760c68ea8
-
SSDEEP
6144:Z/P+T2FFt0aWXsA7m25bmxbLampiI/nlsqJLDd5eNrgs:J+TuroVmRlb4IvZeNs
Score
1/10
-
Target
S500 RAT/Gry73.dll
-
Size
45KB
-
MD5
b3d076f3125fa03d8f97a9fef0b42a5e
-
SHA1
3f4ef3de41a8f3b7adcf79cc031fb4de12265304
-
SHA256
21f68f41aadfc44c994ef9a4394d910250a4c9e43f4d8c43b3015f5390014819
-
SHA512
27ab2e34c44a720a6f836d5892dcf1cb426bc20bced7e218799a7d6cf57b5e1e8719e3bb580a5d1be623e91a5e9333298541395d774bf6af4fdeacf855867f13
-
SSDEEP
768:PX5Ii8RZqHCPLq6vt/3pjsK/ZvT+T84o4snonmeTz6dXJyZ:PX28CDq63pjsKtaT8nXC/TkXJi
Score
1/10
-
Target
S500 RAT/Guna.UI2.dll
-
Size
1.9MB
-
MD5
0f07705bd42d86d77dab085c42775244
-
SHA1
7e4b5c367183f4753a8d610e353c458c3def3888
-
SHA256
cf9b66e11506fa431849350c0cb58430a71e5ec943d2db9ef1b2e2302f299443
-
SHA512
851b1a4c470ee7fe07ce5619c16fd391428585926c5b559694a9e445633ea51ec86c74a3bbf3bce39d943c4bf714dad2fd3c4a4d0703be2333541c79a2ee97f0
-
SSDEEP
24576:m8Yq6KN2liAVp0j4DuJPbTzcH7DlktjfEzgKxGgcKM8Q3xajfgY236RYgPNsP:drCqfE0KctKM8Qv6RYgPY
Score
1/10
-
Target
S500 RAT/LiveCharts.Wpf.dll
-
Size
212KB
-
MD5
e924f79f0b5f3e79c98477d75831813d
-
SHA1
64f71e20e1953b13c771d8a8e63549ad6d64216e
-
SHA256
1bdbb1b5c1a50653e5c26161e9b7c03edc518721a6e10ea180a84049d967106b
-
SHA512
063e9bdbdaf0accb46cef5fdb98b30a97b8a6ba097a80d43a9799ff73e820d1c56d41ca9f71d94497736e3def7fbd0109db4000ab1d9e46cdc96357bf3e15fd1
-
SSDEEP
6144:d/vd0eaDQcUc0GkiTV3bkACA3AloBtefVt+aA2xgKPo1zlW1w:vaErjGkiTV3bkACA3AloBtefVt+aAGBF
Score
1/10
-
Target
S500 RAT/LiveCharts.dll
-
Size
148KB
-
MD5
9642899636959b7fc89bf34a8b998a90
-
SHA1
479a0254d1c9e5565c7d861bb77f54b7eae50c96
-
SHA256
9fcf89837b60f69c1c501e4cfa4d2860887afd0b8f325803367e795a4e3bc9ca
-
SHA512
435dccb57ff3e9d0663770768c866838b19fbaa5b8e79de0ca111d9c73276f016e016d1d268f72cf3435ecac122039764fada952e1a4f68f368b492bb866c9a2
-
SSDEEP
3072:saegvMNVoz3Vlw6/R3z3MV1IdJJGVKWHC2KdxFFT9lzo:VFJlwYMVWY65z
Score
1/10
-
Target
S500 RAT/MetroFramework.dll
-
Size
345KB
-
MD5
34ea7f7d66563f724318e322ff08f4db
-
SHA1
d0aa8038a92eb43def2fffbbf4114b02636117c5
-
SHA256
c2c12d31b4844e29de31594fc9632a372a553631de0a0a04c8af91668e37cf49
-
SHA512
dceb1f9435b9479f6aea9b0644ba8c46338a7f458c313822a9d9b3266d79af395b9b2797ed3217c7048db8b22955ec6fe8b0b1778077fa1de587123ad9e6b148
-
SSDEEP
6144:M4S7k5hdCpU4YqfkUGz6KpQQZQHDXjNCdOZgLdL5DXBK:M4S7k5hdCEQHP1Zgj
Score
1/10
-
Target
S500 RAT/Obfuscation.dll
-
Size
22KB
-
MD5
0dac4ba4180115bcbafced522b94970a
-
SHA1
d70457578f3e0db24ecab84323854c7c7a724f61
-
SHA256
8cb9ede1fd8c60691503b77c3ef52b35881a2555057cb5557341cd8c89e752de
-
SHA512
b27329c07ed0f671aa109cdd49d2c32d84031dc64a290f9447864aee0975cc0662179f0c684c5feacb6ca7f99b9eb483bbc74a79234c741f69efeff76ad0c87a
-
SSDEEP
384:KTvtklEbiXejlVExwehhLzb5s5TbRRyLGv4Jv7ZEIbioxY:lEbiSPExZhV4BvQzZE/oxY
Score
1/10
-
Target
S500 RAT/Plugins/ActiveWindows.dll
-
Size
27KB
-
MD5
11667dcbb0c3f4a2cabbb7e749abb8e4
-
SHA1
aa265341eabf7a2b7f87aff44bcd74cd018fb5f9
-
SHA256
3b67b9994db3b22a1ffe4c5ac7be974d1470e9892c0ce2fdc4aa1fdce6529f04
-
SHA512
04c6e179f11866e83d6fc931585e35314496a9df2420f3d10ef007a7f8ede282ae3ba30f704c67dc5f8702a8d7cdf8aca759df6df0d0bac4bfbbc599b5e88ba1
-
SSDEEP
768:D2uI+GQ6Ztlf/Ws8NXtu8qzDi/NxnTj07Hg9RBZw/Bo:CrFZn98Ndu8qzDi/PnPcHoRBuZo
Score
1/10
-
Target
S500 RAT/Plugins/Admin.dll
-
Size
31KB
-
MD5
fc4a2c1fe09bad3c45b1667dbc5ee1e3
-
SHA1
c8b48aeebc2701b604519860c8eb58d7d60b0523
-
SHA256
af2ec6aececa142de44371908980aa041ce3d51e4ccae151fcd86a7db8b2a384
-
SHA512
dab8dda902d1e05f63a8ac9cb4afae8d204d2d678aa5a9def15495297787df3d75d21ae035cc24a80a7edd5bbd939727aa7feea217c2f4896073956e13b0792d
-
SSDEEP
768:eRgZyI4Ph/U6d0vZxnrXCzt1tqvlbZQHX477fQtPS5j4p:fB4PzNil164cp
Score
1/10
-
Target
S500 RAT/Plugins/AntiMalware.dll
-
Size
29KB
-
MD5
5597ca467d7b6e8ba3571c4bb052b586
-
SHA1
375ae43aa132d705c392253fe08139d996a10a31
-
SHA256
cd7ce00deaca14e500ab16c18164f11483a04b9e9b5ab5c6cdf87df42fefe608
-
SHA512
c8938c27019ebd1d55502ac66c21a22219f815a11640d3380c00733afa4ae850860d47c3e2a47bbd4651f3267d0d5343f484dcf36653fcde64c12215f615f382
-
SSDEEP
768:kWJR0JPaDQbRvCYIVkFIY8B1VV123MhsLiYlsU:VJIbRUVJXV0l2ef
Score
1/10
-
Target
S500 RAT/Plugins/BotsKiller.dll
-
Size
7KB
-
MD5
30e2fb2bc2a5860fd32fafb285401ee1
-
SHA1
57f9f8814bea72c06ca924ec08455b8aac351112
-
SHA256
44c3d6fb2e8bbc241955524bdaca1b6a90548e8769b9945cee50ba1fb35041ca
-
SHA512
bfce9a9700d298fded24502775c6508cee31a7e2d65e66bb1a1c9016b1e8e7c173c7f2607e295843afda49aa02070b2e75b60e51b4b3753c4105de87edc6924c
-
SSDEEP
192:JwOwaWTCJfRyRmvXHMFd2OsOGd/l4oI5/rodYHR6:JwxCJf4ZFwVhb+mW6
Score
1/10
-
Target
S500 RAT/Plugins/Chat.dll
-
Size
1.7MB
-
MD5
88c29a6120e7ffb996ef451cf0b6ac99
-
SHA1
3388261d1ff706d1adcd28c47cd6e6d7055c7735
-
SHA256
9b374f56b637d01f1e9c113fc5cebe04515e01e0e5e7a309bf62134a1933f246
-
SHA512
0d72f7a703b79ca063f31f655468410c710fb866be127ec9b360baa3c6fd7081aeb9da8e2a762f963aea54eff371fa6159ca4a922ef647b2219a29ca195e0193
-
SSDEEP
49152:2H43LjSHwuDwnI/ZNYF1QrQg+qrR9G1j44W:yQLnIxNYF1QrQg+E9s4X
Score
1/10
-
Target
S500 RAT/Plugins/Clipboard.dll
-
Size
28KB
-
MD5
b0ba61981f5f7b8ec9929e240b81e6be
-
SHA1
36cac974e67146631bdeb0d89d5602c1b9120c66
-
SHA256
4ffd6a2c22293204ff1d9ea606d5398ac0286a2ed4a3f251eb0f248bb90ae6de
-
SHA512
84b228da4074545bd18df46c1dca268069066132d6f7b27a5a62ba9b770402030f4c7fcf73c980565f0b1aa47fb13f0d1fd012e06bb213580fe9bda1a650a8fd
-
SSDEEP
768:7q23iUSHtiLxhdEvgtEGcJsU21J5+xa7QPXYt24XhdT9m:CHtijO2HZU2bsISI24xdM
Score
1/10
-
Target
S500 RAT/Plugins/Cmd.dll
-
Size
29KB
-
MD5
79da3973167c94db5eb3248d570a059b
-
SHA1
86eea216c64e84ad1f1189587320eb7c1e2230d9
-
SHA256
8a87fc821f1c3f6931cb7f908a247fcc2f83ff97b72d95519ad87f924c21b532
-
SHA512
97174313d64bae3069bfe9cdd226c9f19221c9c0d408b0ba7431d29e78422aec8cb8adfaf1931a653723b9fce40e447a48d411b1684c566d8253356b1ce6da6a
-
SSDEEP
384:J10x7JfgKLW1DfAZJjCVNuUCTL9lYzUp51n9AsjFeKYSEkzrQ/KJWC+efBTQQN:r2JqBqJjBNpX/jUkmLuJTd
Score
1/10
-
Target
S500 RAT/Plugins/DotNet.dll
-
Size
28KB
-
MD5
7bed5f9fd85dbd250423c7f2e7b0f0f4
-
SHA1
633b27de3913bb1d6efbe2b32df4663138af2137
-
SHA256
86b808d7fc05a7c0f81791e19850ab312ce0a8d0c73ab6e57bd759c56fd4e7fb
-
SHA512
c74224c22b6931ffd11cdbe48d8c83765747e6a27a89ec0f511b128e5e3d1753d80a0116cc14654ddeb0237138a92fdc0392987650c936126384331e5e86de59
-
SSDEEP
384:J8iguvx9gxoqVzbsJqsUAAYld3wVQd/SplkPLppWNu4oksAzkhojvE0ChR4YooQw:WiBfu0vr6/kPLfWN/oks5SvEfhR4YoM
Score
1/10
-
Target
S500 RAT/Plugins/File Manager.dll
-
Size
41KB
-
MD5
409f91cda95ea16ac662853af480c082
-
SHA1
8e896a81bbdbec745adf493ebf3ac6c0407476fb
-
SHA256
d92054c707c046d206b0067a789b822bba65a53fe6052ff174f9d3743053f6c1
-
SHA512
166ae3ee24ca1c504b6307d68fe7a4440bd2798ab258327b886ba6a7b9d62ce2f5d34ba45cde4be401d5c5888b45da37bd6588a10fc3a6e81a9e2769e24f6f02
-
SSDEEP
768:+AlPMf7Ob86SpiS2JRLYggY697aabVlDtukF9f:+KMf7t92/LYG6Nuy
Score
1/10
-
Target
S500 RAT/Plugins/FileManager.dll
-
Size
44KB
-
MD5
b2592a810bb96e865490599126ad680b
-
SHA1
e6a51cff95c22b22c4c5db1630e946d8b183252b
-
SHA256
d2e40fa9d5e90aeeb179efc057eabaafe62ab347c6123659ba4d954f5b75b056
-
SHA512
213f2886c48e2a61d84f07d7b05976d6ef1265b15d315dee7bf960477baa7decb946ff7e0fe79fbe0a9e4e59fb9561d6a682dd2aa2869c59eaf5b67d19fec4e7
-
SSDEEP
768:7Qu6mnSI3CS8n26Maw9TAiKUGIu0ZR8ZuTbvWNNODJSG95xCjNSUM2p:3nZvROwdKFIut4n6w/2p
Score
1/10
-
Target
S500 RAT/Plugins/HBrowser.dll
-
Size
49KB
-
MD5
f8e8db566e4ad2924b8973ea2218f2c6
-
SHA1
550e9886e568470634bb188d5168b884de8ad533
-
SHA256
41c6c5a8ebb41572e4903908a23080c1ecd7386ae0131f4fe87f2a8e14df336a
-
SHA512
8f7d90e5945c7df3b700c88896171b228478d56ee30d92b26e60c52d1bd0fcbdcd8bccfcfeb83d94781b978e8279050107e12bdc75e15b89c31bd31af748c923
-
SSDEEP
1536:VfZXWU5S35MH8h4EjhFjyUitZobiXSrk/jg:VfZXL5mMwJjhMUumbq2k/jg
Score
1/10
-
Target
S500 RAT/Plugins/HRDP.dll
-
Size
37KB
-
MD5
4f3be09a3f000e5d717d698819311000
-
SHA1
5e809e1be7858bff5e01adf20565a4985edca219
-
SHA256
63e05c9a64641ce9ce3620293be5e1cf5d8afe8d91982375f7e466e1450b30a4
-
SHA512
5a8fa8e0d0bfdbc81b91081bb8789da97a606d267432b4d09e888ef89356ec954057136e590cc7db6be125195c0f2ad1568116f56f47bcd7f581739effc292a8
-
SSDEEP
768:Bb3CzsCncWFVqOs0wXLAxpR+l9z85Z7gYe2xxSgTlNiIae+EgkbE:BTCQCntT3bwXLAxM10Z75QgTlNiIH+E0
Score
1/10
-
Target
S500 RAT/Plugins/HVNC.dll
-
Size
61KB
-
MD5
720a634bae36d002f4b09121a82416c4
-
SHA1
7c34ada39645c8d063c6bb62af391e29638a6bac
-
SHA256
6ec1d49bfa973b66338c934bb8fda569a043dcb6e2227b8ab981b78b487f7f35
-
SHA512
4f926ad7a5d1d242449fcdc6c8fa8e55cb98adca418b30840e9e2c7da2e1102cd5faaf130e5834622cc55fdb3c6a2efcc9913abf1b1ee913dc78b89fb771801b
-
SSDEEP
1536:yVqfjO1mo9BnOSqyHUTbZ92DrsZxbCNqDx9HFuLrqQD7fXpLPCsWcx:ysfaA8BjCZ9SqbUqNFELrqipPYi
Score
1/10
-
Target
S500 RAT/Plugins/Helper.dll
-
Size
4.9MB
-
MD5
8223e618f64eaca49051c29a29dda4a1
-
SHA1
1f580c7a25335d598f4e90f8a959c9e7c945f9da
-
SHA256
6e64b6d381f2563c2abba6579fd0f25a931064ac2af4504f54b15f7349a36c5f
-
SHA512
ee513d55d2030b709c4392947b9e89cf855cbdcee17826e1b36d1a9a927a41345035f5799b21c9643aa2e0f801443a03b5b328239ba4724a01f2e77d4e79146c
-
SSDEEP
98304:d469N4aCilxKh8P82fnQuTmI22YBvYImca1B4IU6ZRxvRbz:FX4aCif/uIEAIna1B44RxvRbz
Score
1/10
-
Target
S500 RAT/Plugins/HiddenApps.dll
-
Size
62KB
-
MD5
1f85a383f7dfd4b2ad5a231f46bf3533
-
SHA1
2cda68c2949471a4e943de65c0b807b0c3288d75
-
SHA256
77ec9e338acbcced0cd5fae1556ca26ec8d4c493062d27b19f5760938c99e8a9
-
SHA512
8b17f93a0205f7ea991e147600c647647c3ab3c04bc73701c78abbc483723d8628fd1551818ea0db5a49be875f033be42fe0e763e15fca39cdfe303bf9797232
-
SSDEEP
1536:eo3uBLB+Q3rsppzCJWofDmA0wILW/KXRvIHvXBvZ3cjfd:e6uBgzEPkwILW/KBv2FxG
Score
1/10
-
Target
S500 RAT/Plugins/HiddenProgram.dll
-
Size
42KB
-
MD5
e70990638797ad79f862180b9d06b53c
-
SHA1
927db245fd7ae3680256b3de2182a23f92bd4495
-
SHA256
15cc6b2862bae083dc2d6b1c160689e1390a2365aeaa6e70a933e968fbb05dfa
-
SHA512
ba30a39735878d710fc91888c5878c58899e212d9e7faa97602aa945306c6b95351be799141acbf12fba1e81ab1fd6dcddc372229024003011595398aece68bf
-
SSDEEP
768:9KzzyvoqveS5gxa+cmucfIM3hPnfWpGDmIyAPYrRW2d0Pkrrf8eRiGcYX3:9kywq/as3mL1FfgGDmIyAA1WB5eIGcC3
Score
1/10
-
Target
S500 RAT/Plugins/IconLib.dll
-
Size
56KB
-
MD5
af8154cc71e57761a39743861b244870
-
SHA1
929150541747ace403732e884d4679831c372a32
-
SHA256
7804ba869e67a8bd8270461ae75b6d38970c6d855e12f1fea0dfd8713b6f6934
-
SHA512
0392ef618ea7e92ff8075a30df7097b9aed6ec697cc33ab6db8d67d3d856c5d6531b0f548f1e6ac57788e5e7662729fdbf44f6f5575052f05742dce25654fecf
-
SSDEEP
1536:PM4Yb9YM9LQz8h9YOzJdRebvvuln+EaJswp9YZaiybm:Payy0UNtebXuxed9fiyS
Score
1/10
-
Target
S500 RAT/Plugins/Information.dll
-
Size
33KB
-
MD5
9563e173e7c61139d9f4d7c2aaba94f1
-
SHA1
0f5d749f79ed3a4de4d6962530ec98165b0ec92e
-
SHA256
ad9b98e78f8587c15e4464a80554aa714f591f4da203bca1b08aa2aeb12ab3c8
-
SHA512
54e5853fdc3d98835ebc1ecf2981187c2397460c400cb965b2d7ed039e37c5a8ca5a0c1cc30f321b2a76e6d0407d5b7be73ed945ace59213ed1c811b4006f287
-
SSDEEP
768:P/aBkFWaIW3m41SZD/a1XvgKAKmSRXAzBArGHSpec61T2z:XaqZIS1S9SyKAKrhAOryY
Score
1/10
-
Target
S500 RAT/Plugins/Installedsoftwares.dll
-
Size
28KB
-
MD5
6b20c7f7fa597e22e2bb592e82997672
-
SHA1
a414507b7cc5fc0bf234a41c9688745f4401af6a
-
SHA256
a44723ca98059a803723e8830eb6424fcb3a2237026138560bd64f8864343c1d
-
SHA512
7372394cd38efeb171c73d32c0f03785822c3cfdba2b2720aae6181705bdc6e6c0c80effaa444686588f334294ac9e262015b931c076cea04a94682b4fb73d10
-
SSDEEP
768:jEaIhpiKJP2WcFfJ5xnFqK0heZuGRjTpIUdj:jbI3imFaHxnG45lIkj
Score
1/10
-
Target
S500 RAT/S500RAT.exe
-
Size
21.3MB
-
MD5
d6967d80ed4a22c8dfa436f0a8f9d6f4
-
SHA1
a809829519b1d789e4d02ac104daaf4047bb6380
-
SHA256
1a9f1362704fb9aeda9079e2815bfeb6acd4a15cc5fdef78d2afeef2ff6fdf3b
-
SHA512
bd31c7597f65c62374577694c8b394f7b0e8fd45bb8142ec58313d7f6afa35b956d1163bba64a405644029d08d5764dd3f2222723db33209cd69cd70c711ddd6
-
SSDEEP
393216:1/dQeve921Fkv09cHJZwGn5GkPVtGhyyepDoSYYD4WchJ2sphHJGGA3Gj4wKPnjj:11/LFkvPHJZwGn5dChyRpchNBJGJ3NL
-
Detect Xworm Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Target
S500 RAT/ServerRegistrationManager.exe
-
Size
16.7MB
-
MD5
aa2fc72b58059e5e7e9e7003ab466322
-
SHA1
e171576589134431baccb40d308e7dcbc776e087
-
SHA256
f107c0f275bd1c773e1ff2d78b60a4060b8353b02f45d3892968206fedffdf88
-
SHA512
26d69ad0d3f41bf08585307595e1d670c7d7905e1f86a566a36d9b0c836d3b349a6349e1f2885d433d35bd111f95ce004ae34e81443f96b73e784db3594e3eef
-
SSDEEP
196608:Dh0y2MuVNz+KorG0y2MuVNz+Kk0y2MuVNz+KN0y2MuVNz+KLiQB7Z0/slzLI:ddQVNIGdQVNAdQVNRdQVNfBd+2L
Score
7/10
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Target
S500 RAT/lz4.AnyCPU.loader.dll
-
Size
985KB
-
MD5
c42e778fcd5838b83704a6ddabb60c39
-
SHA1
d47ee0ebbdc412badfb373207aec889798790a93
-
SHA256
6f327812dd62cebbd8ab20b58b0fd3150800199e45b87c0fc8aa569ca7c27e69
-
SHA512
12bc07cfdb826475e66e5a1a3ff6b265baa50e840191cb027146de8d17a0001163b9678e3f7723cdfabaa7b3f93dcca81be86d9c90eb9f266ddd3819a2357101
-
SSDEEP
24576:wc2OYBjTIRL0Q+jDWi8IO6Lls0Uh/z5TyF0Nqxa7+s4EeL4pT:wjjTIRL0Q+jDWi8IO6Lls0Uh/z5TyF0R
Score
1/10