General
Target: Scan_0011121021000.exe
Size: 1.9MB
Sample: 210106-raev6tyakn
MD5: dfbdf304ffb322276a26f4d7ac26ea34
SHA1: 5fd5e24be102441882add9a32e432ac32333ca6d
SHA256: 738e16b6660e32ed957f9fd9e0c5cea56b1aaa7695bcdb56998ca9866071e32b
SHA512: 09454ca8e82c963fc9caa564057f6bd4c6cd2f974f9ce42a4bbb1910ef21223398420e0d8748069194499ecbd5b9b8f9905d05f45c760b422161d7785eaa8acb
Static task: static1
Behavioral task: behavioral1
Sample: Scan_0011121021000.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Scan_0011121021000.exe
Resource: win10v20201028
Malware Config
Targets
Target: Scan_0011121021000.exe
Score: 10/10
Modifies WinLogon for persistence
NetWire RAT payload
ServiceHost packer: Detects ServiceHost packer used for .NET malware
Drops startup file
Adds Run key to start application
Suspicious use of SetThreadContext