General
- Target: purchase order.exe
- Size: 2.6MB
- Sample: 211215-lasbmsaagr
- MD5: 259f302f66d3a44fdbd517a551d1cb1c
- SHA1: 0e0a91c24abf886223efaab885f0d748d750d986
- SHA256: 21c2d3551e298b145d80c53b94df66f70b2eacc635165bf3b6d73450ea263cd3
- SHA512: 45074c9799381f061f8927927f10fbcf71742a62c77d20b2ec4f25bbaa6a4e0efca291d486576549a8774bc2561c30a605827e3a3dd3a908a5eb6ffc966137b2
Static task: static1
Behavioral task: behavioral1
- Sample: purchase order.exe
- Resource: win7-en-20211208
Malware Config
Targets
- Target: purchase order.exe
- Size: 2.6MB
- MD5: 259f302f66d3a44fdbd517a551d1cb1c
- SHA1: 0e0a91c24abf886223efaab885f0d748d750d986
- SHA256: 21c2d3551e298b145d80c53b94df66f70b2eacc635165bf3b6d73450ea263cd3
- SHA512: 45074c9799381f061f8927927f10fbcf71742a62c77d20b2ec4f25bbaa6a4e0efca291d486576549a8774bc2561c30a605827e3a3dd3a908a5eb6ffc966137b2
- BitRAT Payload
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext