General
Target: SS.exe
Size: 30.3MB
Sample: 211030-ekjzpabbfq
MD5: d6d78e94de610fad6749338f855edbcc
SHA1: 0fb9d7b713ae158bf35f480f62d20255b6d14a97
SHA256: f0f90338553ab244d779b2f172c2e6c82f7fc5725cba6ddb8d09c48d5f481e07
SHA512: 33f36597a642af214f2e349015f5a0a625014536ae00016e9fdc110f2a37ea84cdfb7c6e9039a02830730314fc8358bc7076c7fdfec12c140f4394cfb0e4079f
Static task: static1
Behavioral task: behavioral1
Sample: SS.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: SS.exe
Resource: win10-en-20211014
Malware Config
Extracted
C:\Windows\Vss\ReadIt.txt
Eliot.Bing@mailfence.com
EliotBing@tutanota.com
EmmaGaller@cock.lu
Targets
Target: SS.exe
Score: 10/10
Disables Task Manager via registry modification
Drops startup file
Loads dropped DLL
Suspicious use of NtSetInformationThreadHideFromDebugger