General

Target: dfdf48403506835206467e72952fc59fa3fb3c9dabc36090e82979e0b3a624c7
Size: 58KB
Sample: 211021-1ahvjaagb7
MD5: 9d4458f6de6fb97b9b2a6ee9a69b62f4
SHA1: b7e91d625d95e6b6c8452c0beb4d9900da1931a2
SHA256: dfdf48403506835206467e72952fc59fa3fb3c9dabc36090e82979e0b3a624c7
SHA512: a7b91a7df43fa0902192d34b556d6957954c2878f3329a347226bb2edcfa5a5c44de3e0e245bfd1bcf2efd3c4bcbbb6e7dc17528d5917798cb9795a53dd53e06
Static task: static1
Behavioral task: behavioral1
Sample: dfdf48403506835206467e72952fc59fa3fb3c9dabc36090e82979e0b3a624c7.exe
Resource: win10-en-20210920
Malware Config

Extracted from: \??\M:\Read_Me.txt
URLs:
- http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?101NEGXZGST
- https://yip.su/2QstD5
Targets

Target: dfdf48403506835206467e72952fc59fa3fb3c9dabc36090e82979e0b3a624c7
Size: 58KB
MD5: 9d4458f6de6fb97b9b2a6ee9a69b62f4
SHA1: b7e91d625d95e6b6c8452c0beb4d9900da1931a2
SHA256: dfdf48403506835206467e72952fc59fa3fb3c9dabc36090e82979e0b3a624c7
SHA512: a7b91a7df43fa0902192d34b556d6957954c2878f3329a347226bb2edcfa5a5c44de3e0e245bfd1bcf2efd3c4bcbbb6e7dc17528d5917798cb9795a53dd53e06
Score: 10/10

Signatures:
- Turns off Windows Defender SpyNet reporting
- Nirsoft
- Executes dropped EXE
- Modifies Installed Components in the registry
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
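The signature names above say what the sandbox saw but not how to check for it yourself. The following is an added example, not part of this report or of the sandbox's own signature code: it runs simple checks for three of the listed behaviours (SpyNet reporting turned off, root paths of non-C: drives opened, the Read_Me.txt note dropped) over constructed sandbox-style event lines, and compares a candidate file's digests with the hashes listed above. The event line format ("regset|key|value|data", "file|op|path") is invented for the example, and the registry values it looks for (SpyNetReporting=0 and SubmitSamplesConsent=2 under HKLM\SOFTWARE\Microsoft\Windows Defender\Spynet) are the standard Defender cloud-reporting values; the report does not show which value this sample actually wrote, so confirm that against the full registry activity of the behavioral task before reusing the rule.

```python
"""Triage checks for the behaviours listed in the sandbox report (added example)."""
import hashlib
import re

# Hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "9d4458f6de6fb97b9b2a6ee9a69b62f4",
    "sha1": "b7e91d625d95e6b6c8452c0beb4d9900da1931a2",
    "sha256": "dfdf48403506835206467e72952fc59fa3fb3c9dabc36090e82979e0b3a624c7",
    "sha512": "a7b91a7df43fa0902192d34b556d6957954c2878f3329a347226bb2edcfa5a5c"
              "44de3e0e245bfd1bcf2efd3c4bcbbb6e7dc17528d5917798cb9795a53dd53e06",
}

# Assumption: the standard Defender cloud-reporting values; the report itself does
# not show which value the sample changed.
SPYNET_KEY = r"hklm\software\microsoft\windows defender\spynet"
SPYNET_DISABLE = {"spynetreporting": "0", "submitsamplesconsent": "2"}

# Ransom note path taken from the report's Malware Config section; the path may
# carry the NT "\??\" prefix the sandbox shows.
DRIVE_ROOT = re.compile(r"^(?:\\\?\?\\)?([A-Za-z]):\\$")
NOTE_PATH = re.compile(r"^(?:\\\?\?\\)?[A-Za-z]:\\(?:.*\\)?read_me\.txt$", re.I)

# Constructed event lines in an invented "kind|field|field..." format; the third
# regset line is unrelated noise to show that only the SpyNet key is matched.
SAMPLE_EVENTS = """\
regset|HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Spynet|SpyNetReporting|0
regset|HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Spynet|SubmitSamplesConsent|2
regset|HKCU\\Control Panel\\Desktop|Wallpaper|C:\\Users\\Public\\bg.bmp
file|open|\\??\\C:\\
file|open|\\??\\D:\\
file|open|\\??\\M:\\
file|create|\\??\\M:\\Read_Me.txt
file|create|C:\\Users\\Public\\Documents\\desktop.ini
file|create|\\??\\M:\\Read_Me.txt
""".splitlines()


def parse_events(lines):
    """Turn event lines into dicts; malformed lines are dropped rather than guessed at."""
    events = []
    for line in lines:
        kind, *fields = line.strip().split("|")
        if kind == "regset" and len(fields) == 3:
            events.append({"kind": kind, "key": fields[0], "value": fields[1], "data": fields[2]})
        elif kind == "file" and len(fields) == 2:
            events.append({"kind": kind, "op": fields[0], "path": fields[1]})
    return events


def spynet_disabled(events):
    """Return the SpyNet values written with their 'off' data (name -> data)."""
    hits = {}
    for ev in events:
        if ev["kind"] == "regset" and ev["key"].lower() == SPYNET_KEY:
            if SPYNET_DISABLE.get(ev["value"].lower()) == ev["data"]:
                hits[ev["value"]] = ev["data"]
    return hits


def enumerated_drives(events):
    """Drive letters whose root path was opened, excluding the default C: drive."""
    drives = set()
    for ev in events:
        if ev["kind"] == "file" and ev["op"] == "open":
            m = DRIVE_ROOT.match(ev["path"])
            if m and m.group(1).upper() != "C":
                drives.add(m.group(1).upper())
    return sorted(drives)


def ransom_notes(events):
    """Distinct paths at which a Read_Me.txt was created."""
    return sorted({ev["path"] for ev in events
                   if ev["kind"] == "file" and ev["op"] == "create" and NOTE_PATH.match(ev["path"])})


def verify_hashes(data):
    """Per-algorithm match flags of a candidate file's digests against the report."""
    return {alg: hashlib.new(alg, data).hexdigest() == digest for alg, digest in REPORT_HASHES.items()}


def triage(lines):
    events = parse_events(lines)
    return {
        "spynet_disabled": spynet_disabled(events),
        "drives_enumerated": enumerated_drives(events),
        "ransom_notes": ransom_notes(events),
    }


if __name__ == "__main__":
    for name, finding in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {finding}")
```

The drive check deliberately keys on root-path opens rather than on any access to a non-C: path, because that is what the report's signature describes; a sample that only writes files to D:\ would not fire it. The hash check matters in the other direction: a file with the same name but different digests is a different build, and the findings above are for this build only.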