General
-
Target
Terms and Conditions pdf.exe
-
Size
1.1MB
-
Sample
210624-cckg9swhja
-
MD5
07d781828a2e31ae1748f114c5fe9fd5
-
SHA1
e46c87bddf2227c583a2c9e30ee9984db82b32a2
-
SHA256
e6df0473885248cf7c449ac57120d90c000ee847f27452a426d4bb3e7e0fee7a
-
SHA512
43f14fb5d51f7e56a1469af96adfb7df3de06a06b58a225f020623f97d44e36f864a5b755c79dad9322edf1da3d557cc271742b77b0e5df46b3796d2003da951
Static task
static1
Behavioral task
behavioral1
Sample
Terms and Conditions pdf.exe
Resource
win7v20210410
Malware Config
Targets
-
BitRAT Payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-