General
Target: dhlfil.img
Size: 1.6MB
Sample: 211027-s9e9pahcal
MD5: f2c8880497b03f6dde8ac0469ae191d9
SHA1: c40efdf7d3dd1bfbf91713c013132040ba0f8bbf
SHA256: a3ed7bca29166e75fde72157d1278c6eef708cdc6e5d66298f5b0680ac76b070
SHA512: 8f14af58734a5b115a818b58e5b194953798ca1e26b02b4ce975e7fb4029bd606645f6bdc376c46c4c1a848190ebae66b302073a14a10fc0b4ab4110a5e3ee71

Static task: static1

Behavioral task: behavioral1
Sample: NWSZECLP.EXE
Resource: win7-en-20210920

Behavioral task: behavioral2
Sample: NWSZECLP.EXE
Resource: win10-en-20211014

Malware Config
Targets
Target: NWSZECLP.EXE
Size: 1.0MB
MD5: d9933ea3772f724ae6eed3b8c13474cd
SHA1: e201b9f31a4de9012f2abcbe1d2063cc3d41322d
SHA256: 93b7a518e97ad29f0c71d0af14a8e1f0db10564300bdeee1d71a2490d34615cc
SHA512: 6ee4afa45ae3958f665c2a4cc3414790573912455da1903516463366f77fb83c99ef2b3cec6a1514d33bf922f1354d870812bf66bec200c52005574b92e14ec9
Score: 10/10

Signatures
BitRAT Payload
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger