General
Target: d0e763139d8ae4919323f584a1750cfe.exe
Size: 46KB
Sample: 211019-sn192ahabk
MD5: d0e763139d8ae4919323f584a1750cfe
SHA1: 09cd2fd8de9b4968c9ea154c5f71c3273fc74087
SHA256: 8ecd99368b83efde6f0d0d538e135394c5aec47faf430e86c5d9449eb0c9f770
SHA512: bc2a9c9fc703cedec5dfe087fb36f5eadd9335420c07018c7dfcf2ed45296370cc37b4e8da5afbcf12831ed94037281a64f37fa90cf75adc61bfe11506fe7700
Static task: static1
Behavioral task: behavioral1 (sample d0e763139d8ae4919323f584a1750cfe.exe, resource win7-en-20211014)
Behavioral task: behavioral2 (sample d0e763139d8ae4919323f584a1750cfe.exe, resource win10-en-20211014)
Malware Config
Extracted from: C:\Boot\bg-BG\Read_Me.txt
URLs:
- http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?101TVBYKBDK
- https://yip.su/2QstD5
Targets
Target: d0e763139d8ae4919323f584a1750cfe.exe
Score: 10/10
Signatures:
- Turns off Windows Defender SpyNet reporting
- Nirsoft
- Executes dropped EXE
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext