General

  • Target

    ShadowRat.exe

  • Size

    14.2MB

  • Sample

    240511-l6zetscb5w

  • MD5

    7bb46c837fff3ceb3afd6cfdf3913395

  • SHA1

    1c4e13e09f8685affcf107cb7512c2f2c34a6edc

  • SHA256

    633cc01cdc98ff3b25ee6905ae52d4c192f76ae288237c094799003808c3a8f8

  • SHA512

    49255844aaf1276f7268ee12cc5ba86515ea1ca94b2a18a698e68f6d45f6a55cfe603440e1d3f51be977a5a94d9b890543e08246ad590ff21187d7cfc87ea8af

  • SSDEEP

    393216:Am4MjFG821+TtIiFqY9Z8D8Ccl78NcMgBYh6x9KC:A4jFG821QtIZa8DZcJ8NXTOK

Malware Config

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks