General
Target: ShadowRat.exe
Size: 14.2MB
Sample: 240511-l14scsef55
MD5: 8c4d216d222b661b28b1b95785aab659
SHA1: 9d7c47a31996a08b5404c63991186306b4f5b83b
SHA256: 13c071da22f6c14143bc1762ef115fd4fabb8449621308c676191ba10a4c9929
SHA512: 935360b49894312fd5be98111021857872492dfb85372b7210ae98d9f8478c963d9eef217f14b59490de3e0605a6dfcabb619208228ae6c3a8307d95bae03606
SSDEEP: 393216:Jm4MjFG821+TtIiFqY9Z8D8Ccl78NcMgBYh6x9KC:J4jFG821QtIZa8DZcJ8NXTOK
Behavioral task: behavioral1
Sample: ShadowRat.exe
Resource: win10v2004-20240426-en
Behavioral task: behavioral2
Sample: ShadowRat.exe
Resource: win11-20240426-en
Malware Config
Targets
Target: ShadowRat.exe
Score: 8/10
Downloads MZ/PE file
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2