General

  • Target

    ShadowNet.zip

  • Size

    1KB

  • Sample

    240511-n16m3ahg24

  • MD5

    fb7389643be1f1dc0417a944e8681ff9

  • SHA1

    59907a24b567edd6366a8a3b0b9cedc2fe70494f

  • SHA256

    f09f1e068a0bf38497bd4e35e8e9b8a640c6ed4bff0c0fe9a86db2befe958f26

  • SHA512

    d2345ba1464ea26ad695d87270d40da9cce488cea1c62c082d6d2dd4143ac249731586eae4b2223a390d8743309821fea1e660ad2754e32117bd02c3a179cae6

  • Score

    10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    http:// 10.127.1.36:65535/script.ps1

Targets

    • Target

      ShadowNet.cmd

    • Size

      1KB

    • MD5

      eff4712f45313d0756a8f37028e9b155

    • SHA1

      ef57f064430d43a2600df395e50c025ec760fcbe

    • SHA256

      310b1f085793d2f4c0bbfd20f841ba3ead35e2d7d6f454849efb9c80d5c65834

    • SHA512

      2bbd3e1d7f11ee62e7378f1b00d2eae448143d3e894be6a7133e0126e61160b73fc83a5ad8b981212b94d4dcaeeb2d1f4ace0d795d5e0d762e531a7d36f956f7

    • Score

      10/10

    • Target

      ShadowRatControll.cmd

    • Size

      602B

    • MD5

      2e2408bf86c1692a75fd83903b2cab4f

    • SHA1

      726e9aee1fdfa97eb80e1f872b824678339fbb33

    • SHA256

      ddccf46bc8232e081972d2754279d7480595f6f5238ed1db01bb01d43694f645

    • SHA512

      3b71f1831a907114a512475f6a4b5cbdcad2b0e721c46d7a91cd37eab6c0bf51f2a6d6afd751065f43904fcd702fbf93a3ec6d86a2b0c6ef9f73bd44b606b7e7

    • Score

      8/10

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                            ID         Count
Execution             Command and Scripting Interpreter    T1059      3
                        PowerShell                         T1059.001  2
Persistence           Create or Modify System Process      T1543      1
                        Windows Service                    T1543.003  1
Privilege Escalation  Create or Modify System Process      T1543      1
                        Windows Service                    T1543.003  1
Defense Evasion       Impair Defenses                      T1562      1
                        Disable or Modify System Firewall  T1562.004  1
Discovery             System Information Discovery         T1082      1

Tasks