Analysis
  max time kernel:  18s
  max time network: 19s
  platform:         windows7_x64
  resource:         win7-20240221-en
  resource tags:    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  submitted:        22/02/2024, 20:36
Static task
  static1

Behavioral task behavioral1
  Sample:   Pali.zip
  Resource: win7-20240221-en

Behavioral task behavioral2
  Sample:   Pali.zip
  Resource: win10v2004-20240221-en

Behavioral task behavioral3
  Sample:   Pali/loader.cfg
  Resource: win7-20240220-en

Behavioral task behavioral4
  Sample:   Pali/loader.cfg
  Resource: win10v2004-20240221-en

Behavioral task behavioral5
  Sample:   Pali/loader_prod.exe
  Resource: win7-20240221-en

Behavioral task behavioral6
  Sample:   Pali/loader_prod.exe
  Resource: win10v2004-20240221-en
General
  Target: Pali/loader_prod.exe
  Size:   25.8MB
  MD5:    bf8c871604eb4297a39c675b655a9f05
  SHA1:   f47bb195479b8f0555e21447503feb2be542ee3a
  SHA256: 3402266e9dea3f417c15c10154ca37761740b41c1c43823b705a177cee32721e
  SHA512: d316caa28a270e97674069acb93a80e3d616aa5b3f284ca474234188b60238fa1dd39bc542fe6aa0f5f25d70eecca8c9ed4f3414b0bf8af217dbd7e344d0587e
  SSDEEP: 393216:njI1es00EYUK2uKa5b/kiJQQTCKJLigXB+605007GedW6+ADmFRL3am8cRr9IrCK:njIR0062OQTjJ+JOTeiASFycRx
Malware Config
  (no configuration entries are listed in this report)

Signatures
  Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
    pid 2768  loader_prod.exe
    pid 2768  loader_prod.exe
    The sample calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11). A thread flagged this way stops delivering its debug events (breakpoints, single-steps, exceptions) to an attached debugger, which is a well-known anti-debugging technique; both hits come from the same process, pid 2768.

  Suspicious behavior: EnumeratesProcesses (1 IoC)
    pid 2768  loader_prod.exe
    The sample walks the list of running processes. On its own this is not malicious, but combined with the anti-debugging call above it is consistent with the sample checking for analysis tools or looking up a target process.
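To show how a sandbox arrives at the two signatures above from raw API events, here is an added example (not part of this report and not the sandbox vendor's own code). It assumes a hypothetical one-event-per-line trace format, `<pid> <process> <api>(<name>=<value>, ...) -> <NTSTATUS>`; the trace below is constructed to mirror this report (two successful ThreadHideFromDebugger calls from pid 2768 and one process enumeration), and the counting rule (one IoC per call for the anti-debug signature, one per process for enumeration) is an assumption chosen to reproduce the report's "2 IoCs" and "1 IoC" counts. The constants are the real Windows values: ThreadHideFromDebugger is THREADINFOCLASS 0x11, SystemProcessInformation is SYSTEM_INFORMATION_CLASS 0x5, and TH32CS_SNAPPROCESS is 0x2.

```python
"""Derive sandbox-style signatures from an API-call trace.

Added example: the trace format, the sample lines and the counting rule are
assumptions made for illustration, not the report's or the sandbox's own code.
"""
import re
from collections import OrderedDict

THREAD_HIDE_FROM_DEBUGGER = 0x11   # THREADINFOCLASS ThreadHideFromDebugger
SYSTEM_PROCESS_INFORMATION = 0x05  # SYSTEM_INFORMATION_CLASS SystemProcessInformation
TH32CS_SNAPPROCESS = 0x02          # CreateToolhelp32Snapshot dwFlags bit for processes
STATUS_SUCCESS = 0x00000000

# Hypothetical trace format: "<pid> <process> <api>(<k>=<v>, ...) -> <NTSTATUS>"
EVENT_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<proc>\S+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*->\s*(?P<ret>\S+)$"
)

# Constructed sample trace (not taken from the report). Notable lines:
#  - ThreadHandle=0xfffffffe is NtCurrentThread(), the usual "hide myself" form
#  - the first NtQuerySystemInformation fails with STATUS_INFO_LENGTH_MISMATCH
#    (0xC0000004) and is retried with a bigger buffer, as real callers do
#  - pid 3100 attempts the anti-debug call but gets STATUS_ACCESS_DENIED
SAMPLE_TRACE = """\
2768 loader_prod.exe NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) -> 0x00000000
2768 loader_prod.exe NtSetInformationThread(ThreadHandle=0x1a4, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) -> 0x00000000
2768 loader_prod.exe NtSetInformationThread(ThreadHandle=0x1a8, ThreadInformationClass=0x2, ThreadInformation=0x12f0a0, ThreadInformationLength=0x4) -> 0x00000000
2768 loader_prod.exe NtQuerySystemInformation(SystemInformationClass=0x5, SystemInformation=0x3a0000, SystemInformationLength=0x10000) -> 0xC0000004
2768 loader_prod.exe NtQuerySystemInformation(SystemInformationClass=0x5, SystemInformation=0x3a0000, SystemInformationLength=0x40000) -> 0x00000000
3100 helper.exe NtSetInformationThread(ThreadHandle=0x1bc, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) -> 0xC0000022
"""


def _int(value):
    """Parse a hex/decimal token from the trace; None if absent or malformed."""
    try:
        return int(value, 0)
    except (TypeError, ValueError):
        return None


def parse_event(line):
    """Turn one trace line into a dict, or None if it does not match the format."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    args = {}
    for kv in m["args"].split(","):
        if "=" in kv:
            key, val = kv.split("=", 1)
            args[key.strip()] = val.strip()
    return {"pid": int(m["pid"]), "proc": m["proc"], "api": m["api"],
            "args": args, "ret": m["ret"]}


def sig_hide_from_debugger(events):
    """One IoC per *successful* NtSetInformationThread(ThreadHideFromDebugger)."""
    iocs = []
    for e in events:
        if e["api"] != "NtSetInformationThread":
            continue
        if _int(e["args"].get("ThreadInformationClass")) != THREAD_HIDE_FROM_DEBUGGER:
            continue
        if _int(e["ret"]) != STATUS_SUCCESS:   # a denied attempt is not a hidden thread
            continue
        iocs.append((e["pid"], e["proc"]))
    return iocs


def sig_enumerates_processes(events):
    """One IoC per process that enumerated the process list, deduplicated,
    so the buffer-size retry dance counts once rather than per call."""
    seen = OrderedDict()
    for e in events:
        hit = False
        if e["api"] == "NtQuerySystemInformation":
            hit = _int(e["args"].get("SystemInformationClass")) == SYSTEM_PROCESS_INFORMATION
        elif e["api"] == "CreateToolhelp32Snapshot":
            flags = _int(e["args"].get("dwFlags"))
            hit = flags is not None and bool(flags & TH32CS_SNAPPROCESS)
        if hit:
            seen.setdefault((e["pid"], e["proc"]), True)
    return list(seen)


def run_signatures(trace):
    """Run both signatures over a trace and return {signature name: [(pid, process), ...]}."""
    events = [ev for ev in map(parse_event, trace.splitlines()) if ev]
    return {
        "Suspicious use of NtSetInformationThreadHideFromDebugger": sig_hide_from_debugger(events),
        "Suspicious behavior: EnumeratesProcesses": sig_enumerates_processes(events),
    }


if __name__ == "__main__":
    for name, iocs in run_signatures(SAMPLE_TRACE).items():
        print(f"{name} ({len(iocs)} IoC{'s' if len(iocs) != 1 else ''})")
        for pid, proc in iocs:
            print(f"  pid {pid}  {proc}")
```

Two design choices worth noting: the anti-debug signature only fires on STATUS_SUCCESS, so a sandbox that wants to flag the attempt itself (the call is suspicious even when it fails) would drop that check; and process enumeration is keyed per process because the query is normally issued at least twice (once to learn the required buffer size, once with the real buffer), which would otherwise inflate the IoC count.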