General

  • Target

    RAT.zip

  • Size

    3.3MB

  • MD5

    903beb9c404e734ecb94ff771df81a17

  • SHA1

    a6d771037f370909e1637a683902a8fa2050e900

  • SHA256

    a27ff09ec8cbc4b9bad0679d8922ed1dd22fbf9bcf472ba69c1e413e6785dfa3

  • SHA512

    f4314bbd478c984e2da8cee39d60d78033e643ff9877b4758b8144f85b96c68d026f867d150f79c79bb0ce36b28cd63763e81c36c9cf8ec631d1dd447f094392

  • SSDEEP

    49152:XaoQKZtf5ApLv4s+SelbXdkFgMxf4HuqM+QqKEUCPtppfIN5H3N55ztvhDbcqfpc:9tfeDmhXdckuXqxlPaD3xzt5XVnI

Malware Config

Signatures

  • Office macro that triggers on suspicious action (1 IoC)

    Office document macro which triggers in special circumstances - often malicious.

  • Suspicious Office macro (1 IoC)

    Office document equipped with macros.

  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • RAT.zip
    .zip
  • RAT/Adwind.exe
    .jar
  • RAT/CobaltStrike.doc
    .docm .doc office2007
  • RAT/CrimsonRAT.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744



  • RAT/NetWire.doc
    .doc windows office2003

    ThisDocument

    HauteGaronne

  • RAT/VanToM-Rat.bat
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

