General
-
Target
Invoice & BACS Document.exe
-
Size
27KB
-
Sample
210416-v1eb5ertqs
-
MD5
187fd3e6e9fe221f718a07b79c674219
-
SHA1
c0241df055e89fb1ac9b13951bd97ac63b5d92c9
-
SHA256
9bd40875855805f12dbb568e48036b669bf1768227f80d2666e5bc3d71f51474
-
SHA512
a911713b66de75fa358bdde587960f3154c08a8dee7fc139968b7e99a215370ce5b162ac7e9e735878715e53ebee0b16e6f0732d96c36cb16be1ae8bfe2c9101
Static task
static1
Behavioral task
behavioral1
Sample
Invoice & BACS Document.exe
Resource
win7v20210410
Malware Config
Targets
-
-
Target
Invoice & BACS Document.exe
-
Score
10/10
-
Turns off Windows Defender SpyNet reporting
-
Async RAT payload
-
Nirsoft
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-