General
-
Target
79f4c2aa9c3cdae4b02b1ab8e8df8e6e0d6a02c692991c0ee83a110260940038.bin.sample.gz
-
Size
30.2MB
-
Sample
210707-zr9byvhhex
-
MD5
f186e7fead302a4f31c73c8980fad54b
-
SHA1
c17f09e8f8767443a8c2c7e62ed7ad341dc8d4db
-
SHA256
2ae2d174af3118073f10bbc6288efedcfebf9f4fa69ad823fec3dc69a7b37cc3
-
SHA512
0d6b1f77f6d1ee57acdabc2e90b08c9bf9e01303373d41e2cc20b1f0b133e6cf51423b22a48b9eb500d0b6451a0bc78181f60db3159f58c7652965f47d0af62a
Static task
static1
Behavioral task
behavioral1
Sample
sample.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
sample.exe
Resource
win10v20210410
Malware Config
Extracted
C:\Windows\Vss\GoodMorning.txt
Goood.Morning@mailfence.com
GooodMorning@tutanota.com
GoodMorning9@cock.li
Targets
-
-
Target
sample
-
Size
30.2MB
-
MD5
931d8cc9acda477fb505d9a2c09f581e
-
SHA1
748b9874c2f818a76ba55abecc90beb382b9b24f
-
SHA256
79f4c2aa9c3cdae4b02b1ab8e8df8e6e0d6a02c692991c0ee83a110260940038
-
SHA512
767cbfd0cc99cecdf942d146954dd62d66ea7ac98b2003025218ac1263b8a4e07804bbbc55329789b77682766e75a1370661630639fb0a3b4f636604bc844fe7
Score
10/10
-
Disables Task Manager via registry modification
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-