General
Target: 2024-05-24_709ed19b7a560246f2d8be96d1a426e1_megazord
Size: 4.1MB
Sample: 240524-kmxlfsbe6t
MD5: 709ed19b7a560246f2d8be96d1a426e1
SHA1: b5aab1c97e3c235931fa31765eb42cc58a3a79a3
SHA256: 4906a283d9ac5b358a5ed6967b0518ff934c0373add85a15b433cb536b0d97ef
SHA512: 12e21a160f3d8eeaf61827d8b07a91c27e65dea831493fb6c20c8177d55b7b2d378faf439187948c42aba4721afdccea7c5bd093609fac698a7066c0bdcb50b9
SSDEEP: 49152:NlN0gW7O2/4DkO2srmDrPP1hvauFUHu480TJenr1vJb:N7HG3nf0TJeJt
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-24_709ed19b7a560246f2d8be96d1a426e1_megazord.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2024-05-24_709ed19b7a560246f2d8be96d1a426e1_megazord.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted
Family: asyncrat
Version: 2.0.0
Botnet: Default
C2: webwhatsapp.cc:65503
Mutex: ShiningForceRatMutex_cs_cs_cs
Attributes:
  delay: 1
  install: false
  install_folder: %AppData%
Targets
Target: 2024-05-24_709ed19b7a560246f2d8be96d1a426e1_megazord
Score: 10/10
Signatures:
- Detects executables attempting to enumerate video devices using WMI
- Detects executables containing the string DcRatBy
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Adds Run key to start application
- Suspicious use of SetThreadContext