General
Target: Attachment.iso
Size: 1.3MB
Sample: 211116-r7v2pabcdp
MD5: abb323fb3917925f2999e098305f8456
SHA1: 4d91e8c50ca8025e9d657f797584213d2bb7d6bc
SHA256: 416718d9930e9b17539d9581be3ac4fa607c685c0da970d0dd159cac607d22c8
SHA512: 4a6cdb7862989b26e819dcd63053f0716d8408145b752a0012c51703224fb2ad580fb5b99a447dd225bfaf04f4d874f7871bb28746df2d40972b328143689485
Static task: static1

Behavioral task: behavioral1
Sample: DOCUMENT.EXE
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: DOCUMENT.EXE
Resource: win10-en-20211014
Malware Config
Targets
Target: DOCUMENT.EXE
Size: 773KB
MD5: d29189ac735f5a778334853c17de6a3f
SHA1: df709ca030fbf8e46d5c36cc58820aee1bda5096
SHA256: 92f3596778824929bff1a64b43bc00c97f229de8d136dd6751a4972bba237bf3
SHA512: 61ccdd1d6e87dc3c5c09f2e9c2f0cb6e0fa1e8386f73bee8c322e331cf5e994d063cc795e509947d9c6a26efdb125dcbdc8c557549b1cce6143b72239a6895ed
Score: 10/10
BitRAT Payload
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger