General
Target: eufive_20210816-144801
Size: 482KB
Sample: 210816-bjvt42a9yx
MD5: 5ba895fb23729ffbb001e5dfe74aa132
SHA1: 7a2b094329f369ff5a67971c3a71c46775e93000
SHA256: 7fc66f244e022341520c4af91172ec3833c36b95624ee5c510086cd8d71db7ae
SHA512: 34ad4a38eb4983018e1c626550378ef4622be2fb02b74d1bacf9155cc835fb838a092c53b5b46e1ee45eac4ba13e723e661bb5e969480a56d2839d14d79c8cde
Static task: static1
Behavioral task: behavioral1
Sample: eufive_20210816-144801.exe
Resource: win7v20210410
Malware Config
Extracted
https://cdn.discordapp.com/attachments/875404916150116402/875405053467459594/Minutes.txt
Targets
Poullight Stealer Payload
Suspicious use of NtCreateProcessExOtherParentProcess
Blocklisted process makes network request
Suspicious use of SetThreadContext