General

  • Target

    ShadowRat.exe

  • Size

    14.2MB

  • Sample

    240511-l945gscc5w

  • MD5

    1017eb7001c3be5fcac85e3b791d606d

  • SHA1

    ceb33f03ebb509ab8ec21a6bc17bb68ab8a849b3

  • SHA256

    88d4a941adab14cf4c375dfef4751472828b3e0ed68faf8e7d0621dc9cfa9e86

  • SHA512

    6fda02560857b0085f74b75ded6682a09d7afbcf650cab2a7d472e64515ff1e13507397d92156c9c65573f70192d280812e27fed91fed50d0bb25f1bee9db5e3

  • SSDEEP

    393216:Om4MjFG821+TtIiFqY9Z8D8Ccl78NcMgBYh6x9KC:O4jFG821QtIZa8DZcJ8NXTOK

Malware Config

Targets

    • Target

      ShadowRat.exe

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks