General
Target: Invoice#918.img
Size: 1.9MB
Sample: 220518-sen84sdgfn
MD5: 69ac6ec0a69d43204bc88a32ff892653
SHA1: 3117687505b9274bdfd202e08576d0c917bfc0ee
SHA256: a2c51883eb21b0db00f8a6d6c54846afac998b0dd72d95496c719eb22bc412f6
SHA512: 842d7b45a2f73bacc05e2a614fa5782e7052369b74e143e1574fe4489307b5ce48b5a4b3388bad6350086d3082071e391531a41ed215af5aed0b88a3460e047a
Static task: static1
Behavioral task: behavioral1 (Sample: GKXQLZQA.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: GKXQLZQA.exe, Resource: win10v2004-20220414-en)
Malware Config
Extracted: bitrat 1.38
oka.nerdpol.ovh:2223
communication_password: b6c6e855edf908ec7c12ce8c8e628a5c
tor_process: tor
Targets
Target: GKXQLZQA.EXE
Size: 1.4MB
MD5: c791f4d69f14fd5e75c83610fb9ae025
SHA1: 0e24d2e718c620f73eaf16deea3363ece658cace
SHA256: 80d6d5e05616fd64ef95fe7f76ceca050335280f160275522839961f30fa96e4
SHA512: 5923d50a58b70e78b874921ea0f0a4438b8514f34b28a9f19949a84f520d5b9a0642290bf6217e23b43230ccedf04a9a3203467653fd6603e0590d698574465f
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Adds Run key to start application
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext