Overview

overview

10

Static

static

10

S-400 RAT v3.0.7z

windows10-2004-x64

3

Analysis

  • max time kernel
    18s
  • max time network
    21s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-04-2024 16:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    S-400 RAT v3.0.7z

  • Size

    9.2MB

  • MD5

    3ac05d552a3f0d1285e5933139369ecd

  • SHA1

    d7cb0d6cff8085684ca235b40c8d74b565545bb0

  • SHA256

    137713b97b5c79056269e461c454cfff281fe2e1b6a1ab69e1c8302cb35aa9b8

  • SHA512

    419fde2888b221f776e8cf24cb1c9b02bdf30c05ee91390586eccb2fdf2082f4f039726bc7ed7b58dbfd8e4ce3b8186988e5a497bee1dd070c16a13221e92b2d

  • SSDEEP

    196608:wfoIu+BskkZd8HlE+n3m5mdvanVQo33hhent41nzW6k1Mi0V0Q8JY6byT:wfoIzBlhlEQmUdviQobDW23gYUi

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 45 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\S-400 RAT v3.0.7z"
    1⤵
    • Modifies registry class
    PID:1808
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2592

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads