General
Target: Release.zip
Size: 82KB
Sample: 210306-7ay626fp9n
MD5: ef5b4f75a6ad697960d94987933e99da
SHA1: 6d85037b14162a8f0f36bbb145847ace9c55d0ac
SHA256: 38f55d4fb0e4721db824f7dd44b4c9b132180087f277d6ae9d5991ec89510382
SHA512: d89eaa4b892c008aad957346f7592040fd1e39b47464fe0c871d1536ae6ce98de0de680f49689a01ebe48e68698b8357e848c8220698be1560c2d205150d117f
Static task: static1
Behavioral task: behavioral1
Sample: Release/TorrentParser-CLI.exe
Resource: win10v20201028
Malware Config
Targets
Target: Release/TorrentParser-CLI.exe
Size: 8KB
MD5: 8a2b9a6128c3c4a9701ed0504033dd58
SHA1: 9d7b57c784f3f4aa7b700a115f52c086de19b74b
SHA256: 6c738a8033611e29b67057b4401e5c8718998ad7caac94d4dfb0762275956652
SHA512: 93e86b3edc47b93937a7158220efae4508e048d418c94472d6474c68673fed8379055251034d28aa664c88eb6fbec930da2d4721cd591d9e5958451490f62070
Score: 10/10

Suspicious use of NtCreateUserProcessOtherParentProcess

Modifies WinLogon to allow AutoLogon
Enables rebooting of the machine without requiring login credentials.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.