General

  • Target

    RtlApp.dll

  • Size

    71KB

  • Sample

    240529-nxnm3sdc3s

  • MD5

    9858470c32fb5b76a744b55846745238

  • SHA1

    5b2945096e83c16a1efaeb97b3b7544fe8b32eb6

  • SHA256

    9d4c80ea1d6d1ce11f9bb79d7a5a4ddfcea9f20ffe039db7215e9c57fc183476

  • SHA512

    1edad7989e1cda5c1fadd4a9af0e10b7ef538f2eafb1ece3932064b54cf53beadf91b4aa5b80dcc2ddccd2dac8120d119766385c8dfda70655bc150d11d0f2a6

  • SSDEEP

    1536:35q3PS6wt961ASYtbSJ1H81NjrqYSHvdaMCjAxWTV1/3:syaYtOm1NfmdadMUV1P

Score
8/10

Targets

    • Target

      RtlApp.dll

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
