General
Target: 2024-05-31_6b3eb8da9f60c431005ead6a739e6f4a_megazord
Size: 3.9MB
Sample: 240531-bllywsae54
MD5: 6b3eb8da9f60c431005ead6a739e6f4a
SHA1: efd48593dc24cfd2e01fc35f2bc0c40fdb4211ed
SHA256: c27ce7e1c51bc329a5b628607decd994606bd816eb3c43987c8be68a52fff5d8
SHA512: f67df32420033402a8bee083bc2f6c3cf56689df802dc7715e7b3e0adf8d8d043d1fee7d3549a0c19808dcb2cb43f55283b54a90f15dc74c9dbee5de288b133f
SSDEEP: 49152:N4dRnLKzYDdG6JC0bXDRi7FuaWeKYPUgOWUoEqXJ+KGxA1f6lrkdMDYQ:Ngkd9c/KGhydMDY
Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-31_6b3eb8da9f60c431005ead6a739e6f4a_megazord.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 2024-05-31_6b3eb8da9f60c431005ead6a739e6f4a_megazord.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
asyncrat
2.0.0
Default
webwhatsapp.cc:65503
ShiningForceRatMutex_cs_cs_cs
delay: 1
install: false
install_folder: %AppData%
Targets
Detects executables attempting to enumerate video devices using WMI
Detects executables containing the string DcRatBy
Suspicious use of SetThreadContext