Analysis
-
max time kernel
147s -
max time network
155s -
platform
windows7_x64 -
resource
win7 -
submitted
28-08-2020 12:55
General
-
Target
frame.bin.exe
-
Size
498KB
-
MD5
2d411dc28a5faeb5893d7769b7c3b8a4
-
SHA1
1db46d9a9e27146ca12dcc9caff51ede700cf026
-
SHA256
b218fb4573b6c8fff51870de463a793238a4f317ce9abdcf8352954f92328eac
-
SHA512
5aab004d78dc87528f8965426d446dde68f8c8ff4a34cfecf1b69ade65b625f15d34fccbf4629ff42e49410379bd447eaa4f2339f11483d950e174a7d5aa8804
Score
10/10
Malware Config
Signatures
-
ObliqueRAT
Remote Access Trojan discovered in early 2020.
-
Executes dropped EXE 2 IoCs
-
Drops startup file 1 IoCs
-
Loads dropped DLL 3 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\frame.bin.exe"C:\Users\Admin\AppData\Local\Temp\frame.bin.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Public\Video\lphsi.exe"C:\Users\Public\Video\lphsi.exe"2⤵
- Executes dropped EXE
-
-
C:\Users\Public\Video\hrss.exe"C:\Users\Public\Video\hrss.exe"2⤵
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
-