General
Target: 0x0004000000004ed7-39
Size: 894KB
Sample: 230901-wtwtaagh27
MD5: 15f6043283bca82a89fe8bfe9437d95f
SHA1: e095820f8ef5a81e6cd6d8769d10196fb95a815f
SHA256: 05a4408dde667582f0c04b49264be872c5502499814530d3e1880fc403e09a9e
SHA512: dc1587897e8e0dc73bf422a2edf5c50b351b2480b84cac419fe70b5af4a2ac42b5a2d4761af24da3366675c5cc39fe3173694c1b0a6f516fd6d4b3537634666e
SSDEEP: 24576:D0VOCg6fsQsenEYTHKRCXT4QmeL3eGdYTz47btorrG:E/trTq0X3/Om
Static task: static1
Behavioral task: behavioral1
Sample: 0x0004000000004ed7-39.ps1
Resource: win7-20230831-en
Malware Config
Targets
Target: 0x0004000000004ed7-39
Size: 894KB
- ParallaxRat payload: Detects the payload of Parallax RAT, a small portable RAT that is usually digitally signed with a Sectigo certificate.
- Executes dropped EXE
- Creates a large amount of network flows: This may indicate a network scan to discover remotely running services.
- Suspicious use of NtSetInformationThreadHideFromDebugger
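The "large amount of network flows" signature is a heuristic over connection records: one source reaching many distinct (host, port) targets in a short burst looks like a scan, while the same number of connections spread over hours does not. The following is an added example, not code from the sandbox report or its vendor, implementing that heuristic over constructed flow records; the 60-second window, the threshold of 25 distinct targets, and the sample addresses are assumptions for illustration. It also goes one step beyond the signature text by labelling a hit as a horizontal sweep (many hosts, one service) or a vertical port scan (one host, many ports).

```python
"""Scan heuristic of the kind behind a "large amount of network flows" signature.

Added example: not code from the sandbox report or its vendor. The flow records,
window and threshold below are constructed/assumed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow records (timestamp, src, dst, dport); not taken from the report.
# 10.0.0.5 sweeps 40 neighbouring hosts on 445 within 40 seconds (an SMB sweep),
# 10.0.0.7 talks to one web host on two ports, 10.0.0.9 does a single DNS lookup.
SAMPLE_FLOWS = [
    (f"2023-09-01T10:00:{i % 60:02d}", "10.0.0.5", f"10.0.0.{i}", 445)
    for i in range(20, 60)
] + [
    ("2023-09-01T10:00:01", "10.0.0.7", "93.184.216.34", 443),
    ("2023-09-01T10:00:05", "10.0.0.7", "93.184.216.34", 80),
    ("2023-09-01T10:30:00", "10.0.0.9", "10.0.0.1", 53),
]


def parse_flow(record):
    """Turn a (timestamp, src, dst, dport) record into typed fields."""
    ts, src, dst, dport = record
    return datetime.fromisoformat(ts), src, dst, int(dport)


def detect_scanners(flows, window=timedelta(seconds=60), threshold=25):
    """Return {src: peak} for every source whose number of distinct
    (dst, dport) targets inside some window-long interval reaches
    threshold. Sliding the window over the sorted events keeps a real
    burst separate from the same count of connections spread over hours."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in map(parse_flow, flows):
        by_src[src].append((ts, (dst, dport)))
    hits = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e[0])
        peak = 0
        for i, (start, _) in enumerate(events):
            # Distinct targets reached within `window` of this event.
            targets = {tgt for ts, tgt in events[i:] if ts - start <= window}
            peak = max(peak, len(targets))
        if peak >= threshold:
            hits[src] = peak
    return hits


def classify_scan(flows, src):
    """Label a flagged source: many hosts on few ports is a horizontal sweep
    for one service; few hosts on many ports is a vertical port scan."""
    hosts, ports = set(), set()
    for _, s, dst, dport in map(parse_flow, flows):
        if s == src:
            hosts.add(dst)
            ports.add(dport)
    if len(hosts) > len(ports):
        return f"horizontal sweep: {len(hosts)} hosts on port(s) {sorted(ports)}"
    return f"vertical scan: {len(ports)} ports on host(s) {sorted(hosts)}"


if __name__ == "__main__":
    for src, peak in detect_scanners(SAMPLE_FLOWS).items():
        print(src, peak, classify_scan(SAMPLE_FLOWS, src))
```

On the constructed data only 10.0.0.5 is reported (40 distinct targets, a horizontal sweep on 445); the window matters, since the same 40 destinations contacted once an hour would never reach the threshold inside any single 60-second interval.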