IOCRadar

22c79153e0519f13b575f4bfc65a5280ff93e054099f9356a842ce3266e40c3d

Type: Hash
Signal strength: 18% (Quiet)
First seen: 2025-03-06 00:14:39
Last seen: 2025-04-25 16:58:25
CATEGORY
malware
win32 malware
trojan malware
malware deployment via trojanized software
operating system specific attack (Windows OS)
software exploitation
MITRE
T1059 - Command and Scripting Interpreter
T1105 - Ingress Tool Transfer
T1027 - Obfuscated Files or Information
T1555.005 - Password Managers
T1071 - Application Layer Protocol
T1566 - Phishing
T1041 - Exfiltration Over Command and Control Channel
T1078.001 - Default Accounts
T1195.002 - Compromise Software Supply Chain
T1204 - User Execution
TAGS
scripting
ingress tool transfer
command execution
command and control
remote services
code execution
malicious software
process injection
distributed attacks
credential access
SOCRadar AI Insight

The presence of SHA256 hash 22c79153e0519f13b575f4bfc65a5280ff93e054099f9356a842ce3266e40c3d indicates a potential compromise, potentially linked to the Sandworm APT group. This hash, associated with a file named sysupdate.exe and related to a trojanized KMS tool targeting Windows 11, strongly suggests the possible deployment of the DcRAT remote access trojan within the environment. This poses a significant risk of unauthorized access, data theft, and further malicious activity. The detection of this IOC, sourced from reputable threat intelligence feeds, warrants immediate and thorough investigation.

Summary

Hash Type: sha256
MD5: -
SHA-1: -
SHA-256: -
Files: -
File Type: -

Top Classifications

Campaign: -
Industry: -
Country: -
Region: -
Threat Actors: -
Malware: -

Feed Sources

Feed Source                         Count   Date
SOCRadar Threat Exchange Services   1       2025-04-25
AlienVault OTX Feeds                3       2025-03-23

Threat Activity Timeline

Last 24 hours: Minimal Activity
Last 7 Days: Minimal Activity
Last Month: Minimal Activity
Last 3 Months: Minimal Activity