General
Target: today.exe
Size: 6.6MB
Sample: 210714-96mel8l5tx
MD5: b17086a611a2fd3cbacca63c0f99bfb5
SHA1: 106e8f8f367ec6cc3ef9ee53cc21705bc4c15b3f
SHA256: 4f19d5ef50d476b9c41f8363bc749781b62b8ac8dc7cc2adb382b5b2a886dbd7
SHA512: d6f5ef4323bdd665d79d8b724da9c2e28107e66d6a11f8ce7d1fea00cbe3502d96af0a20543c72ea3eea4f01d9ff2fbf97fa969c24ee028754c9ba7769f03a35
Static task: static1
Behavioral task: behavioral1
Sample: today.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: today.exe
Resource: win10v20210410
Malware Config
Targets
Target: today.exe
Score: 10/10
BitRAT Payload
Executes dropped EXE
Drops startup file
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext