General
- Target: DHL-SHIPMENT_INFO.exe
- Size: 3.3MB
- Sample: 211029-fs5f2ahcgm
- MD5: bea12b6b586c2401c6c16210c4d3f114
- SHA1: 23e41e5f5101f6c71bc2d47b863884db1d220da4
- SHA256: 8e476e96fba5dc1ddd8651b1f2039628880a0f7284f21d72d7e1ce70987e1a1a
- SHA512: b388e8b9e5148cfd9901eea94a0e4e75c1dd18432b20ea968c307ba42b3c56a0d7ae831b43926d1c7d9e4f2091f1efc1cfa4e133c408f4e8b737742d3db10d70
Static task: static1
Behavioral task: behavioral1
- Sample: DHL-SHIPMENT_INFO.exe
- Resource: win7-en-20210920
Malware Config
Targets
- DHL-SHIPMENT_INFO.exe (3.3MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- BitRAT Payload
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext