General
-
Target
78b4ba3aaf358440be7212cb23b8ca6c3f4fef477436b52c483185d4b90a8dda
-
Size
1.2MB
-
Sample
211108-xkp5tahhfm
-
MD5
93f2ef7ece667948d903fd81a9c93dae
-
SHA1
33a83a4a6d582c20c44719df67815455ec4f789c
-
SHA256
78b4ba3aaf358440be7212cb23b8ca6c3f4fef477436b52c483185d4b90a8dda
-
SHA512
793a9521600f50d127556ab7c46929faddc74e23cdbee49ec914a1502f346d7a3513036ee8d9c8d8c31112325217951b5e60df07093e5b6f3d0d3fc7148d2a4a
Static task
static1
Behavioral task
behavioral1
Sample
78b4ba3aaf358440be7212cb23b8ca6c3f4fef477436b52c483185d4b90a8dda.exe
Resource
win10-en-20211014
Malware Config
Targets
Target
78b4ba3aaf358440be7212cb23b8ca6c3f4fef477436b52c483185d4b90a8dda
Score
10/10
-
Async RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-