General
Target
comparendopicoycedula365215999runtcomco.exe
Size
2.3MB
Sample
210420-nc34wpgble
MD5
44bc0732e9c6deb1f912ddbd055efac3
SHA1
99f1c521d68f068c735c842504f01f5678ddb157
SHA256
368e9e3d450bae08f20e5ab0937dcd47a03835daabe900ddf87c746fb99a50fb
SHA512
a4a7077d06b2c1059c48abb2ea9ce1c669214e4621e3bf9cfc35b67a4411a22d60d4019588c47e0b9a2b3d2d5e06a427417598cd5183a9a8be0bb33a227d7d2a
Static task
static1
Behavioral task
behavioral1
Sample
comparendopicoycedula365215999runtcomco.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
comparendopicoycedula365215999runtcomco.exe
Resource
win10v20210410
Malware Config
Targets
Target
comparendopicoycedula365215999runtcomco.exe
Score
10/10
BitRAT Payload
Executes dropped EXE
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext