General
Target: d0946249b861c18765875f25655f19ed.exe
Size: 4.9MB
Sample: 210226-q1vs444mbs
MD5: d0946249b861c18765875f25655f19ed
SHA1: 1c291d536eb64bce28094c0940e24985596ae992
SHA256: c482ebed5672bdbc0cca51b79bbb7babaa82a678142d981a7dd009ad813c20d7
SHA512: 75d7b63cac5b69b6ebcebb48c405dfc0082c9989d3d0c0235e8c1c6537d3da7755979ffe44d5e89dfcbb1f10e13bc7943f3380e7ef9cf5a9d07651eb0dcd9082
Static task: static1
Behavioral task: behavioral1
Sample: d0946249b861c18765875f25655f19ed.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: d0946249b861c18765875f25655f19ed.exe
Resource: win10v20201028
Malware Config
Targets
Target: d0946249b861c18765875f25655f19ed.exe
Score: 10/10
BitRAT Payload
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext