General
-
Target
Powershell-RAT-master.zip
-
Size
2.1MB
-
MD5
5a3d32d8f736893d4636ecf436e7fc5a
-
SHA1
a6e7d9b79c5a3ca1c463d2de0936da11375246bc
-
SHA256
65095c78b56deeef012e313433b468e52db694f21148ed6c47aa8ef97382cecf
-
SHA512
dc1810c00a244d0606e04eba26b06b4ad353616fffc845d6e3490b2f5baea0b2c5ba7423ae6d94f4b2425f15ef5866ed7a6694e2989b73cc5169ce57ea86917c
-
SSDEEP
49152:wRhlMNut5oZj3yZKrAl2UvrSAs72QTp453Ftl8oR2k/7dcG7mw:wzlMNUyZj3ydlB2AsSQdQ/l8oV7dcgb
Malware Config
Signatures
-
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
-
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
Files
-
Powershell-RAT-master.zip
-
Powershell-RAT-master/BlackHat USA 2019 Presentation/PowerShell-RAT - BlackHat USA 2019.pdf
-
https://myaccount.google.com/lesssecureapps
-
https://docs.microsoft.com/en-us/dotnet/api/system.drawing.graphics.copyfromscreen?view=netframework-4.8
-
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-clipboard?view=powershell-5.1
-
https://developers.google.com/docs/api/quickstart/python
-
https://github.com/googleapis/google-api-python-client
-
https://www.pdq.com/blog/powershell-send-mailmessage-gmail/
-
https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwindowshookexa
-
https://docs.microsoft.com/en-us/windows/win32/winmsg/about-hooks
-
https://github.com/Viralmaniarhttps://twitter.com/maniarviralhttps://www.linkedin.com/in/viralmaniarhttps://viralmaniar.github.io/
- Show all
-
-
Powershell-RAT-master/Mail.bat
-
Powershell-RAT-master/Mail.ps1
-
Powershell-RAT-master/Mail.vbs
-
Powershell-RAT-master/PowershellRAT.py
-
Powershell-RAT-master/README.md
-
Powershell-RAT-master/Shoot.bat
-
Powershell-RAT-master/Shoot.ps1
-
Powershell-RAT-master/Shoot.vbs
-
Powershell-RAT-master/delScreenShot.bat
-
Powershell-RAT-master/delScreenShot.ps1
-
Powershell-RAT-master/delScreenShot.vbs