General
Target: sz.exe
Size: 10.5MB
Sample: 201224-a2kmhy4ma2
MD5: a84b3b7ebad4e58b005fb502e2765e04
SHA1: 9ac61b73f987b7d815ca8d06a6e064dcd4d6f849
SHA256: c397eb85439a20b9185e001ec8cd286281d27d6be336d32e93558e451e6aeeeb
SHA512: dab4984405ae8092354d4232c71eb454f86111b12116674aed620d00561e3ea6dbd3798bda14fe755a7a2d45896ed32dd763fdff3711b7cf0cb94763107ed135

Static task: static1
Behavioral task: behavioral1 (sample sz.exe, resource win7v20201028)
Behavioral task: behavioral2 (sample sz.exe, resource win10v20201028)
Malware Config

Targets
Target: sz.exe (hashes as listed under General above)
Score: 10/10

Signatures
- Contains code to disable Windows Defender
  A .NET executable that disables Windows Defender capabilities such as real-time monitoring and block-at-first-seen, among others.
- Async RAT payload
- XMRig Miner payload
- Uses the VBS compiler (vbc.exe) for execution
- Adds Run key to start application
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
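The behavioural verdicts above (Defender tampering, the Run key, vbc.exe being launched for execution) are the host-side observables a responder would hunt for outside the sandbox. The script below turns them into detection logic run over constructed Sysmon-style telemetry; it is an added example, not Triage's signature code and not the sample's code. Assumptions: events are dicts in the shape of Sysmon Event ID 1 (process create: Image, ParentImage, CommandLine) and Event ID 13 (registry value set: TargetObject, Details); the Defender policy value names, the vbc.exe parent allowlist and every sample event are constructed here, not captured from this sample.

```python
"""Detection rules for the sandbox verdicts on this report, run over constructed
Sysmon-style events. Added example: not Triage's or the sample's own code.
Assumed event shape: EventID 1 -> Image/ParentImage/CommandLine,
EventID 13 -> TargetObject/Details (Sysmon renders DWORDs as 'DWORD (0x...)')."""
import re

# Group Policy key whose values switch Defender features off (assumed names).
DEFENDER_POLICY_KEY = r"\SOFTWARE\Policies\Microsoft\Windows Defender"
DEFENDER_KILL_VALUES = {
    "DisableAntiSpyware", "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableIOAVProtection", "DisableBlockAtFirstSeen",
}
# PowerShell-driven tampering: any -Disable* switch set true, or an exclusion added.
MP_TAMPER_RE = re.compile(
    r"Set-MpPreference\s+.*-Disable\w+\s+(\$true|1)\b|Add-MpPreference\s+.*-Exclusion", re.I)
# Run / RunOnce under any hive (HKLM, HKU\<sid>, ...).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Parents that legitimately spawn the VB.NET compiler (assumption: tune per estate).
VBC_ALLOWED_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "csc.exe"}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def _dword(details):
    """Pull the integer out of Sysmon's 'DWORD (0x00000001)' rendering; 0 if absent."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    return int(m.group(1), 16) if m else 0


def rule_defender_tamper(ev):
    if ev["EventID"] == 1:
        return bool(MP_TAMPER_RE.search(ev.get("CommandLine", "")))
    if ev["EventID"] == 13:
        key, _, value = ev["TargetObject"].rpartition("\\")
        return (DEFENDER_POLICY_KEY.lower() in key.lower()
                and value in DEFENDER_KILL_VALUES
                and _dword(ev.get("Details", "")) != 0)
    return False


def rule_run_key_persistence(ev):
    return ev["EventID"] == 13 and bool(RUN_KEY_RE.search(ev["TargetObject"]))


def rule_vbc_spawned_by_non_build_tool(ev):
    # Host-level proxy for the "VBS compiler for execution" verdict: vbc.exe started
    # by something that is not a build tool (typical of hollowed-process loaders).
    return (ev["EventID"] == 1 and basename(ev["Image"]) == "vbc.exe"
            and basename(ev.get("ParentImage", "")) not in VBC_ALLOWED_PARENTS)


RULES = {
    "defender_tamper": rule_defender_tamper,
    "run_key_persistence": rule_run_key_persistence,
    "vbc_spawned_by_non_build_tool": rule_vbc_spawned_by_non_build_tool,
}


def triage(events):
    """Return [(rule_name, event_index)] for every rule that fires, in event order."""
    return [(name, i) for i, ev in enumerate(events)
            for name, rule in RULES.items() if rule(ev)]


# Constructed telemetry mimicking what this sample's verdicts would look like on a host.
LOADER = r"C:\Users\u\AppData\Local\Temp\sz.exe"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": LOADER, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": LOADER},
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": LOADER,
     "CommandLine": 'powershell -nop -c "Set-MpPreference -DisableRealtimeMonitoring $true '
                    '-DisableBlockAtFirstSeen $true"'},
    {"EventID": 13, "Image": LOADER,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
                     r"\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": LOADER,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\sz",
     "Details": r"C:\Users\u\AppData\Roaming\sz.exe"},
    {"EventID": 1, "Image": VBC, "ParentImage": LOADER, "CommandLine": VBC},
    # Benign control: the same compiler launched by MSBuild must not fire.
    {"EventID": 1, "Image": VBC, "ParentImage": r"C:\Program Files\dotnet\MSBuild.exe",
     "CommandLine": VBC + " /out:app.dll app.vb"},
]

if __name__ == "__main__":
    for name, idx in triage(SAMPLE_EVENTS):
        print(f"{name:32s} event #{idx}: {SAMPLE_EVENTS[idx].get('TargetObject') or SAMPLE_EVENTS[idx]['Image']}")
```

Two caveats on coverage. "Suspicious use of SetThreadContext" is an API-level verdict from the sandbox's hooking and leaves no Sysmon record; the vbc.exe parentage rule is the nearest host-side proxy, since that API is how a loader redirects a suspended child into injected code. Likewise a .NET binary can disable Defender through the MSFT_MpPreference WMI class without ever spawning PowerShell or writing the policy key, so the registry and command-line rules above catch the two loud variants, not the quiet one; pair them with Defender's own operational log (event 5001, real-time protection disabled) on a real estate.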