d410dcbc5db8abc8183a6bed991796fea78ddec35c58e1738d2aebfe881db8de | Triage

Sharing

General

Target

ShadowNet.zip
Size

1011B
Sample

240511-nnkj3ahb52
MD5

45062780a00c399d2732dc95d6212111
SHA1

55147a8e0ccbfcb7f2037d26785cfdce15d11d96
SHA256

d410dcbc5db8abc8183a6bed991796fea78ddec35c58e1738d2aebfe881db8de
SHA512

f872fba54d1a3003672d66175762d51aed2298f4e3da1ba1485a13106400fbc1c06469b66f01f5418cfe4d86f84d1d53f01edbbbd9e50df37359ceaae50f4d41

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://10.127.0.83:8080/script.ps1

Targets

- Target
  
  ShadowNet.cmd
- Size
  
  910B
- MD5
  
  8abd83ade831474a6be58f4c977f9c5e
- SHA1
  
  4ad98ab76bb80bb761a9804bde10f825157ac546
- SHA256
  
  7d97d6f4c1e747c765ee4aac95e98d64513bf19d6a3fa236feaaa2369bf9ad38
- SHA512
  
  776bb7779bd83323e6fda69e3d12dc4c91c3d9efd167ccdd3897086310feb7b76fcd7471395ba4743b9a642d326d4c6a3def8e45ffaba2cdbc6370ef31e903df
Score

10^/10

execution
behavioral1 behavioral2
- Target
  
  ShadowRatControll.cmd
- Size
  
  527B
- MD5
  
  07afb099a19e61130a3aa2a128ffdd97
- SHA1
  
  b6ee5580018410b0a2d41c5282a39459fd937f3a
- SHA256
  
  6a796d4829ed7e578d6a74a18774dd888db131029c19a0821c6b8d67efe2cfcc
- SHA512
  
  dd90bd56faf45541c1a77f6b117119753fa28fcdd6fe657a6aa1a2418dfe4f403a89990371fe3e0c809bf6fafe6acfbd7034ebdc68bf924aef69a30817d4da43
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4