General

Target: files000289.img
Size: 1.6MB
Sample: 211027-ancmkaadg2
MD5: f5ba4056878b6bfb537574dec8660fac
SHA1: 8af5731e6172268cffce686203afdec32b1885a9
SHA256: 67c20680218a6e7a0f55f1fae46bc9feec46929789f9d59a70ac5fc3510b32a8
SHA512: 1d4ae519ca58499090ad2ff96ddc5dc9fb677d734cbfc780026723a92fd0dc8cb3c4bfbfda42dbe2a0d609e172c2033b6730d19ae164bca17ab9ab1ab8f1193a

Static task: static1

Behavioral task: behavioral1
Sample: RAXCFQVS.EXE
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: RAXCFQVS.EXE
Resource: win10-en-20210920
Malware Config

Targets

Target: RAXCFQVS.EXE
Size: 1017KB
MD5: 3867ec5e6d177069a5468d462c30256c
SHA1: d2e025c42d90dc2a8f17f9bab6dd7f632e123e44
SHA256: 337be63dd8d9e3f24e72c8637a4859a3270e0a6f98df3fdd1e269d632651d893
SHA512: f8360f758058eea5a197dc29647b21be31b4f82eaa76998f97683563973335130d20bbd886c6b4fcb8c42cd7058377ed176dd430c0af4e3c7387b458307f0057

- BitRAT Payload
- ACProtect 1.3x - 1.4x DLL software: detects file using ACProtect software.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
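Three of the behaviours flagged above (Run-key autostart, a file written to System32, and a DLL loaded from a location the sample itself wrote to) are the ones most easily hunted in endpoint telemetry. The script below is an added example and is not part of the sandbox report or its tooling: it runs that correlation over Sysmon-style events. The event records are constructed for illustration and are not taken from the analysed sample; the field names assumed are Sysmon's (EventID 11 FileCreate with TargetFilename, EventID 7 ImageLoad with ImageLoaded, EventID 13 RegistryEvent with TargetObject and Details).

```python
"""Hunt for the persistence and drop behaviours this report flags over
Sysmon-style events.

Added example for this report page, not sandbox code. SAMPLE_EVENTS is
constructed telemetry and does not come from the analysed sample."""

import re

# Run/RunOnce under any hive (HKLM, HKU\<sid>, ...); the trailing group
# stops "Run" from matching keys such as "...\RunServices".
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)(\\|$)",
    re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)

# Constructed sample telemetry (assumption: Sysmon field names).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\victim\RAXCFQVS.EXE",
     "TargetFilename": r"C:\Windows\System32\helper.dll"},
    {"EventID": 11, "Image": r"C:\Users\victim\RAXCFQVS.EXE",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\x.dll"},
    {"EventID": 7, "Image": r"C:\Users\victim\RAXCFQVS.EXE",
     "ImageLoaded": r"C:\Users\victim\AppData\Local\Temp\x.dll"},
    {"EventID": 7, "Image": r"C:\Users\victim\RAXCFQVS.EXE",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 13, "Image": r"C:\Users\victim\RAXCFQVS.EXE",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows"
                     r"\CurrentVersion\Run\svc",
     "Details": r"C:\Users\victim\RAXCFQVS.EXE"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows"
                     r"\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def hunt(events):
    """Return a list of (signature, image, detail) hits, in event order.

    'Loads dropped DLL' is a correlation, not a single-event match: a
    loaded image counts as dropped only if an earlier EventID 11 in the
    same stream created that exact path (case-insensitive, as NTFS is)."""
    dropped = set()
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 11:
            target = ev["TargetFilename"]
            dropped.add(target.lower())
            if SYSTEM32_RE.match(target):
                hits.append(("Drops file in System32 directory",
                             image, target))
        elif eid == 7:
            loaded = ev["ImageLoaded"]
            if loaded.lower() in dropped:
                hits.append(("Loads dropped DLL", image, loaded))
        elif eid == 13:
            key = ev["TargetObject"]
            if RUN_KEY_RE.search(key):
                hits.append(("Adds Run key to start application", image,
                             f"{key} = {ev.get('Details', '')}"))
    return hits


if __name__ == "__main__":
    for sig, image, detail in hunt(SAMPLE_EVENTS):
        print(f"{sig}: {image} -> {detail}")
```

The kernel32.dll load and the Explorer registry write pass through untouched; only the System32 drop, the load of the DLL the process itself wrote to Temp, and the Run-key write are reported. Because the dropped-path set is built as the stream is read, the events must be fed in timestamp order for the DLL correlation to fire.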