General
-
Target
6BD0F63D69EBAA8E28B21E9B0F5C02E05C1213535B288.exe
-
Size
203KB
-
Sample
210504-1nf5lvb5sa
-
MD5
fb5f1a2f214dc8774c41d7a67965a733
-
SHA1
07bb74780172f5dd719e7c392817a0aaad27f173
-
SHA256
6bd0f63d69ebaa8e28b21e9b0f5c02e05c1213535b2881d080db1d09082e9f1d
-
SHA512
3ff2cffda73daf67b3da8c1a8a841183b97e4a6c0d3a9e62c86d7e50476ae748439b5cd61051fabd8a869e60b404b3df549700a8ace941dfbd4da241b27cd56d
Static task
static1
Behavioral task
behavioral1
Sample
6BD0F63D69EBAA8E28B21E9B0F5C02E05C1213535B288.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
6BD0F63D69EBAA8E28B21E9B0F5C02E05C1213535B288.exe
Resource
win10v20210410
Malware Config
Targets
-
Target
6BD0F63D69EBAA8E28B21E9B0F5C02E05C1213535B288.exe
-
Score
10/10
-
Modifies WinLogon for persistence
-
Async RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-