General
Target: S500 RAT Cracked.zip
Size: 57.5MB
Sample: 240330-1jzveafb7x
MD5: 1d8810a817d4821d04e96a2bac388976
SHA1: 22cd25477df396b2aa1f6894a0667e883517fbc4
SHA256: c7ac158c7eeb1f96e4b5b396066915cddb1113fe5e9d46fd27bbca274f6691d6
SHA512: 581ca80a2e1badc81aae7f99de2f6d91fc6897f2fb042106db4ce63432e42425371bbeea2d204b2de60083f1208ffd84bb250ded312ba9e76d9dd2471a429bc0
SSDEEP: 1572864:rbqQ0Czvhs303/VC2juLaa3rHQxJPm41ohjYMY4:dXdpC2utHU+aohUN4

Behavioral task: behavioral1
Sample: S500 RAT Cracked/S500_unpack.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: S500 RAT Cracked/S500_unpack.exe
Resource: win10v2004-20240226-en

Malware Config
Targets
Target: S500 RAT Cracked/S500_unpack.exe
Size: 18.0MB
MD5: 1dd5e9c04f9939ce8a95b6312d33604d
SHA1: acfddec251fe32021840b983507974e75eb84e2b
SHA256: b612c9d8a24dc1046d5a817981ac735baf7048aa81141c2d2484b8f9301d9863
SHA512: da9b95810f50ac53287ac2c791b444bd061380c157efd9a7930cbb2682a2342605d0b2ca89d6cd39d787e65d45eabef6c0f64b28ba3ccf08f4462c381f44b6c3
SSDEEP: 393216:n/dQeve921Fkv09cHJZwGn5GkPVtGhyyepDoSYYD4WchJ2sphHJG8:n1/LFkvPHJZwGn5dChyRpchNBJG8
Score: 8/10
- Blocklisted process makes network request
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.