General
Target: 0c9e45bf4ffe549dddd3c0735fee3bfee13bb8fa795ac3831ea7cf657dd19dd0
Size: 2.8MB
Sample: 210616-t4m33rsm7a
MD5: 1aed5d95ffc86126b79a9fe69f3f8af4
SHA1: de35454b27c455326a5b4974830d32f70058a839
SHA256: 0c9e45bf4ffe549dddd3c0735fee3bfee13bb8fa795ac3831ea7cf657dd19dd0
SHA512: 33274d75ae2b56cd403fddf5007a2df2d29f0dd93e043b43bcd292ca370c0b05544dc1c8033279c769fa48fcc8631261cfc5da6f3bc9250dc6b1eea7ddfc2522
Static task: static1
Behavioral task: behavioral1
Sample: 0c9e45bf4ffe549dddd3c0735fee3bfee13bb8fa795ac3831ea7cf657dd19dd0.exe
Resource: win7v20210410
Malware Config
Extracted
njrat
Carbonblack2102
batvoi
1368.vnh.wtf:5552
0de45b5c6627a3e65a4b2a1e68ec841b
reg_key: 0de45b5c6627a3e65a4b2a1e68ec841b
splitter: |'|'|
Targets
- Taurus Stealer Payload
- Executes dropped EXE
- Modifies Windows Firewall
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext