Overview

overview

10

Static

static

4

Powershell...19.pdf

windows7-x64

3

Powershell...19.pdf

windows10-2004-x64

3

Powershell...il.bat

windows7-x64

8

Powershell...il.bat

windows10-2004-x64

8

Powershell...il.ps1

windows7-x64

10

Powershell...il.ps1

windows10-2004-x64

10

Powershell...il.vbs

windows7-x64

3

Powershell...il.vbs

windows10-2004-x64

3

Powershell...RAT.py

ubuntu-18.04-amd64

1

Powershell...RAT.py

debian-9-armhf

1

Powershell...RAT.py

debian-9-mips

1

Powershell...RAT.py

debian-9-mipsel

1

Powershell...ot.bat

windows7-x64

8

Powershell...ot.bat

windows10-2004-x64

8

Powershell...ot.ps1

windows7-x64

3

Powershell...ot.ps1

windows10-2004-x64

3

Powershell...ot.vbs

windows7-x64

3

Powershell...ot.vbs

windows10-2004-x64

3

Powershell...ot.bat

windows7-x64

8

Powershell...ot.bat

windows10-2004-x64

8

Powershell...ot.ps1

windows7-x64

3

Powershell...ot.ps1

windows10-2004-x64

3

Powershell...ot.vbs

windows7-x64

3

Powershell...ot.vbs

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Powershell-RAT-master.zip

  • Size

    2.1MB

  • MD5

    5a3d32d8f736893d4636ecf436e7fc5a

  • SHA1

    a6e7d9b79c5a3ca1c463d2de0936da11375246bc

  • SHA256

    65095c78b56deeef012e313433b468e52db694f21148ed6c47aa8ef97382cecf

  • SHA512

    dc1810c00a244d0606e04eba26b06b4ad353616fffc845d6e3490b2f5baea0b2c5ba7423ae6d94f4b2425f15ef5866ed7a6694e2989b73cc5169ce57ea86917c

  • SSDEEP

    49152:wRhlMNut5oZj3yZKrAl2UvrSAs72QTp453Ftl8oR2k/7dcG7mw:wzlMNUyZj3ydlB2AsSQdQ/l8oV7dcgb

Score
4/10
pdflink

Malware Config

Signatures

  • HTTP links in PDF interactive object 1 IoCs

    Detects HTTP links in interactive objects within PDF files.

    pdflink
  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

    pdflink

Files

  • Powershell-RAT-master.zip
    .zip
  • Powershell-RAT-master/BlackHat USA 2019 Presentation/PowerShell-RAT - BlackHat USA 2019.pdf
    .pdf

    • http://MailClip.ps

    • http://MailLogs.ps

    • http://en-USMail.ps

    • https://developers.google.com/docs/api/quickstart/python

    • https://docs.microsoft.com/en-us/dotnet/api/system.drawing.graphics.copyfromscreen?view=netframework-4.8

    • https://docs.microsoft.com/en-us/dotnet/api/system.drawing.graphics.copyfromscreen?view=netframework-4.8https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-clipboard?view=powershell-5.1https://developers.google.com/docs/api/quickstart/pythonhttps://github.com/googleapis/google-api-python-clienthttps://www.pdq.com/blog/powershell-send-mailmessage-gmail/https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwindowshookexahttps://docs.microsoft.com/en-us/windows/win32/winmsg/about-hooksSandeep

    • https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-clipboard?view=powershell-5.1

    • https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwindowshookexa

    • https://docs.microsoft.com/en-us/windows/win32/winmsg/about-hooks

    • Show all
  • Powershell-RAT-master/Mail.bat
  • Powershell-RAT-master/Mail.ps1
    .ps1
  • Powershell-RAT-master/Mail.vbs
    .vbs
  • Powershell-RAT-master/PowershellRAT.py
    .py .sh linux
  • Powershell-RAT-master/README.md
  • Powershell-RAT-master/Shoot.bat
  • Powershell-RAT-master/Shoot.ps1
    .ps1
  • Powershell-RAT-master/Shoot.vbs
    .vbs
  • Powershell-RAT-master/delScreenShot.bat
  • Powershell-RAT-master/delScreenShot.ps1
  • Powershell-RAT-master/delScreenShot.vbs
    .vbs