Analysis
max time kernel: 141s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-07-2024 01:02
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: LisectAVT_2403002B_191.exe
Resource: win7-20240708-en
2 signatures
150 seconds
General
Target: LisectAVT_2403002B_191.exe
Size: 767KB
MD5: e5abfd692dfbe2e054b12d6c8758bd4a
SHA1: 18a4b6f44fce7c7fb68a953d3044f2b5a61108ab
SHA256: a8fb63a86d620269b9e8179351f3c85d74b5c526cc4fc4ded6fcd3a1977ec936
SHA512: e1d5a2ee4b0768961c21c1d917bcbff36a01b7b93d9b39d2200a94799679876164428548c8ba1611bbc64411aa516d64d8efcebd4d4b86ba513763e1bc73e41c
SSDEEP: 12288:Re1caCQXzPHUjF6eV7vbCfzYUjWuZwhG+BDMzwl:ReGQDP0j8Q7TCL2uZZUDMz
Malware Config
Signatures
Detects HZRAT backdoor 4 IoCs
Processes:
resource | yara_rule
behavioral2/memory/1532-1-0x0000000000400000-0x00000000004B9000-memory.dmp | family_hzrat
behavioral2/memory/1532-2-0x0000000000400000-0x00000000004B9000-memory.dmp | family_hzrat
behavioral2/memory/1532-4-0x0000000000400000-0x00000000004B9000-memory.dmp | family_hzrat
behavioral2/memory/1532-6-0x0000000000400000-0x00000000004B9000-memory.dmp | family_hzrat
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
LisectAVT_2403002B_191.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | LisectAVT_2403002B_191.exe