General
Target: Overdue payment_20218423384940404043.exe
Size: 616KB
Sample: 210720-jpq8ancv7e
MD5: 174774bb3af22d75d86073c43927c6ed
SHA1: f673dae4d5974030446c402a532a06c93c85c0fd
SHA256: 19247536d1bb8035395a3a2bca3ecb17c36ddf48fee86a00d9d6e3e4bf622f35
SHA512: bc6f32d3fe5a19424c662348538996aa147ec0997da5ad0309194345b23b5322140d38eecc7bb326307bcbb33fabd0e0c40b8a44026497ef1f14f926e08902c7
Static task: static1
Behavioral task: behavioral1
Sample: Overdue payment_20218423384940404043.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Overdue payment_20218423384940404043.exe
Resource: win10v20210410
Malware Config
Targets
Target: Overdue payment_20218423384940404043.exe
Score: 10/10
Modifies WinLogon for persistence
Async RAT payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext