General
Target: INVOICE-ORDER CONFIRM.exe
Size: 3.1MB
Sample: 210306-clpm4sxgpx
MD5: 6282b0c5f353fb2e52ef52934fdf4c9a
SHA1: 351978b673a71d15ed2d3c881457e4aebb4a286f
SHA256: 5586ef434d41ac7bb60ad57a628edf85fcc53ec6617680e3b77730054eb1076d
SHA512: 8e7a1290422fd2cd7330c12bf91caee4335e094c0522f19a0a7750c4a6f10b9dfe0dd0c733661ec7b6815f0885bdc2b083fbfc78f91fef93ab14bb46b7895e19
Static task: static1
Behavioral task: behavioral1
  Sample: INVOICE-ORDER CONFIRM.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: INVOICE-ORDER CONFIRM.exe
  Resource: win10v20201028
Malware Config
Targets
Target: INVOICE-ORDER CONFIRM.exe
Score: 10/10
- BitRAT Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext