Managed XDR

client.exe (RADX RAT) — malware analysis report

File info

Filename
client.exe
File type
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size
1.1 MB
First seen
Last seen

Environment

w10/x86 en

Hashes

SHA1
0d6dbb909a501d4b35b242967cbd1e8a0217f49d
SHA256
0d11b58a3edb24807b95e975543433ccf8ab207c49e5c82c26723c2889dc1215
MD5
998cd6b8be154edbd93f05e25369ea7e

Malwares

  • RADX RAT

Signatures

Execution

T1047 has_wmi: Executes one or several WMI requests

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
dotnet_suspicious_resources_names: Dotnet program has suspicious resources names
create_rpc_bindings: Creates RPC connection
require_administrator: Requests administrator privileges
dotnet_embeded_dependencies_by_costura: Dotnet program has embedded dependencies by Costura
dotnet_import_unmanaged_code: Dotnet program statically imports unmanaged functions/modules
dotnet_suspicious_entrypoint: Dotnet program has suspicious entrypoint
dotnet_downloader_possible_network_problem: Dotnet program possibly has network problem

Related reports