General

  • Target

    S500 RAT Cracked.zip

  • Size

    57.5MB

  • Sample

    240330-1jzveafb7x

  • MD5

    1d8810a817d4821d04e96a2bac388976

  • SHA1

    22cd25477df396b2aa1f6894a0667e883517fbc4

  • SHA256

    c7ac158c7eeb1f96e4b5b396066915cddb1113fe5e9d46fd27bbca274f6691d6

  • SHA512

    581ca80a2e1badc81aae7f99de2f6d91fc6897f2fb042106db4ce63432e42425371bbeea2d204b2de60083f1208ffd84bb250ded312ba9e76d9dd2471a429bc0

  • SSDEEP

    1572864:rbqQ0Czvhs303/VC2juLaa3rHQxJPm41ohjYMY4:dXdpC2utHU+aohUN4

Score
8/10

Targets

    • Target

      S500 RAT Cracked/S500_unpack.exe

    • Size

      18.0MB

    • MD5

      1dd5e9c04f9939ce8a95b6312d33604d

    • SHA1

      acfddec251fe32021840b983507974e75eb84e2b

    • SHA256

      b612c9d8a24dc1046d5a817981ac735baf7048aa81141c2d2484b8f9301d9863

    • SHA512

      da9b95810f50ac53287ac2c791b444bd061380c157efd9a7930cbb2682a2342605d0b2ca89d6cd39d787e65d45eabef6c0f64b28ba3ccf08f4462c381f44b6c3

    • SSDEEP

      393216:n/dQeve921Fkv09cHJZwGn5GkPVtGhyyepDoSYYD4WchJ2sphHJG8:n1/LFkvPHJZwGn5dChyRpchNBJG8

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
