Analysis
-
max time kernel
146s -
max time network
172s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
24-05-2022 22:17
Static task
static1
Behavioral task
behavioral1
Sample
e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d.exe
Resource
win10v2004-20220414-en
General
-
Target
e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d.exe
-
Size
365KB
-
MD5
def2219991114fbac93aca787579946c
-
SHA1
e2c877782f16b786db3d569895a23fe9920e2ad4
-
SHA256
e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d
-
SHA512
1f5252c63ed6959b96fcc10863dee2f39ef949f2d18905f821fb429d5e471345b7564bd0bccdee22eeefdcced3a883bd0b5bc9e29bbabb2442a17ebdd4793109
Malware Config
Signatures
-
suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
-
Unexpected DNS network traffic destination 9 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Processes:
description ioc Destination IP 1.2.4.8 Destination IP 185.243.215.214 Destination IP 1.2.4.8 Destination IP 114.114.114.114 Destination IP 185.243.215.214 Destination IP 114.114.114.114 Destination IP 185.243.215.214 Destination IP 185.243.215.214 Destination IP 185.243.215.214 -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d.exedescription pid process Token: SeShutdownPrivilege 1752 e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d.exe