General

- Target: purchase order01102.exe
- Size: 2.0MB
- Sample: 211201-m32apabegp
- MD5: 17fcd17f51b96a5a41684dd09a629c05
- SHA1: 4d83fd286f31a1b0b387423d0e8fce90da16bfd9
- SHA256: 7d57902ed9cc59fc539984a27e96e6310b42f1cd3ae1206c0d3505ab0d062f1f
- SHA512: ba167809ec29183d55acb306a7ef8c41d2284914b0fbbd918b28c4a8587f640c20d12954884c354552de0464b6b34c4cd1ffd76aa737a72a7d90af4b3b0b468c

- Static task: static1
- Behavioral task: behavioral1
  - Sample: purchase order01102.exe
  - Resource: win7-en-20211104

Malware Config

Targets

- Target: purchase order01102.exe
- Size: 2.0MB
- MD5 / SHA1 / SHA256 / SHA512: identical to the digests listed under General above
- Signatures:
  - BitRAT Payload
  - suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  - ACProtect 1.3x - 1.4x DLL software (detects file using ACProtect software)
  - Executes dropped EXE
  - Loads dropped DLL
  - Uses the VBS compiler for execution
  - Accesses Microsoft Outlook accounts
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext
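Before trusting any of the verdicts above against a file you hold yourself (for example an attachment pulled from a mailbox), confirm that it really is the sample this report describes. The script below is an added example, not part of the report or the sandbox's tooling: it parses a "Key: value" copy of the General block (that flattened layout is an assumption made for the example, and the digests in it are the ones printed on this page), hashes a candidate file in one pass with every listed algorithm, and reports per-algorithm matches. The candidate bytes in the `__main__` block are a constructed stand-in; the real sample is not embedded.

```python
import hashlib
import io
from typing import BinaryIO, Dict, Iterable, Union

# Constructed copy of the report's "General" block as "Key: value" lines.
# The digests are taken from the page; the line layout is an assumption for
# this example, not the sandbox's export format.
REPORT_TEXT = """\
Target: purchase order01102.exe
Size: 2.0MB
Sample: 211201-m32apabegp
MD5: 17fcd17f51b96a5a41684dd09a629c05
SHA1: 4d83fd286f31a1b0b387423d0e8fce90da16bfd9
SHA256: 7d57902ed9cc59fc539984a27e96e6310b42f1cd3ae1206c0d3505ab0d062f1f
SHA512: ba167809ec29183d55acb306a7ef8c41d2284914b0fbbd918b28c4a8587f640c20d12954884c354552de0464b6b34c4cd1ffd76aa737a72a7d90af4b3b0b468c
"""

# Report field name -> hashlib algorithm name, and expected hex length.
HASH_FIELDS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_report(text: str) -> Dict[str, str]:
    """Turn "Key: value" lines into a dict; lines without a colon are ignored."""
    record: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            record[key.strip()] = value.strip()
    return record


def expected_digests(record: Dict[str, str]) -> Dict[str, str]:
    """Extract the hash fields and reject malformed values, so a truncated
    copy-paste of a digest fails loudly instead of silently never matching."""
    expected: Dict[str, str] = {}
    for field, algo in HASH_FIELDS.items():
        if field not in record:
            continue
        value = record[field].lower()
        if len(value) != HEX_LEN[algo] or any(c not in "0123456789abcdef" for c in value):
            raise ValueError(f"{field} is not a well-formed hex digest: {value!r}")
        expected[algo] = value
    return expected


def _as_stream(data: Union[bytes, bytearray, BinaryIO]) -> BinaryIO:
    """Accept raw bytes or an open binary file; always hand back a stream."""
    if isinstance(data, (bytes, bytearray)):
        return io.BytesIO(bytes(data))
    return data


def digest_stream(data: Union[bytes, BinaryIO], algos: Iterable[str]) -> Dict[str, str]:
    """Hash the input once, feeding each 1 MiB chunk to every requested
    algorithm, so a large sample is read from disk a single time."""
    stream = _as_stream(data)
    hashers = {algo: hashlib.new(algo) for algo in algos}
    for chunk in iter(lambda: stream.read(1 << 20), b""):
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def verify_sample(data: Union[bytes, BinaryIO], expected: Dict[str, str]) -> Dict[str, bool]:
    """Return {algorithm: matched} for every digest the report lists."""
    actual = digest_stream(data, expected.keys())
    return {algo: actual[algo] == expected[algo] for algo in expected}


def is_same_sample(data: Union[bytes, BinaryIO], expected: Dict[str, str]) -> bool:
    """True only when every listed digest matches. A partial match points at
    a transcription error in the report, not at the same file."""
    results = verify_sample(data, expected)
    return bool(results) and all(results.values())


if __name__ == "__main__":
    expected = expected_digests(parse_report(REPORT_TEXT))
    # Constructed stand-in for a file you pulled from a mailbox; the real
    # sample is not embedded here, so every digest will report MISMATCH.
    candidate = b"MZ constructed stand-in, not the real purchase order01102.exe"
    for algo, ok in verify_sample(candidate, expected).items():
        print(f"{algo:7s} {'match' if ok else 'MISMATCH'}")
    print("same sample:", is_same_sample(candidate, expected))
```

Pass an open file (`open(path, "rb")`) instead of bytes to check a real candidate; the chunked read keeps memory flat for the 2 MB sample and larger. Only an all-algorithm match should be treated as "this is the file the report analysed".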