General

  • Target

    ShadowNet.zip

  • Size

    1KB

  • Sample

    240511-nwnxfshe43

  • MD5

    02dccbb6f3bf8c5b02d3b403f52d6e2d

  • SHA1

    83e709bc7d605b3bf03c5c24e77246386978da11

  • SHA256

    7c84d31059e133b6dd6396cb66583d05c96fa755314afbcf1198b4408c02b1cc

  • SHA512

    c2d4e4a0ea041e399822917e095eb7b5b62d72921961a2d4c9c2c48124e0c92810d5f1b043349c69e3a70cfbef0bf3ab3f56758c8f31b16e19e134db97f5f1aa

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://10.127.1.21:8080/script.ps1

Targets

    • Target

      ShadowNet.cmd

    • Size

      1KB

    • MD5

      0d684927cbb403c2e495ab2ae96ab750

    • SHA1

      4c34100a17e2ef2a2eaa68d3eb9890d055209d71

    • SHA256

      983deef20782152ffe2c116fed3a33b17b83bc88a82bff22e95a24154f0a1cfe

    • SHA512

      866e011c1c4397ff50f20c9ff2024fdaf450759f925de53b8b9ed5a599413e968818abdbae43ce7d9bacc1c16b9f78c41aa7d277096f60ff3ddae791a89cb0cd

    Score
    10/10
    • Target

      ShadowRatControll.cmd

    • Size

      527B

    • MD5

      07afb099a19e61130a3aa2a128ffdd97

    • SHA1

      b6ee5580018410b0a2d41c5282a39459fd937f3a

    • SHA256

      6a796d4829ed7e578d6a74a18774dd888db131029c19a0821c6b8d67efe2cfcc

    • SHA512

      dd90bd56faf45541c1a77f6b117119753fa28fcdd6fe657a6aa1a2418dfe4f403a89990371fe3e0c809bf6fafe6acfbd7034ebdc68bf924aef69a30817d4da43

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

MITRE ATT&CK Matrix ATT&CK v13

Execution

  • Command and Scripting Interpreter | 3 | T1059

    • PowerShell | 2 | T1059.001

Persistence

  • Create or Modify System Process | 1 | T1543

    • Windows Service | 1 | T1543.003

Privilege Escalation

  • Create or Modify System Process | 1 | T1543

    • Windows Service | 1 | T1543.003

Defense Evasion

  • Impair Defenses | 1 | T1562

    • Disable or Modify System Firewall | 1 | T1562.004

Discovery

  • System Information Discovery | 1 | T1082

Tasks