General
- Target: 0e8e6fc94e6eb17cfd8993b3dcfd9acd11ee32f1b4e956df3097ae3259be4f9c
- Size: 3.3MB
- Sample: 211122-mq6dwaace3
- MD5: d227e289fbb2493e6deb25ee5a17991c
- SHA1: 7c56887b7152f0f710cd8153ed0f8cce692f3c53
- SHA256: 0e8e6fc94e6eb17cfd8993b3dcfd9acd11ee32f1b4e956df3097ae3259be4f9c
- SHA512: acde183afd0e27a542448827d10e4b887e7a4812e89afe90f50a890b826983011fe3ce56c77e1d413b803d612db1c758accd16d23757ce1491e4cc29ea8245af
Static task: static1
Behavioral task: behavioral1
- Sample: 0e8e6fc94e6eb17cfd8993b3dcfd9acd11ee32f1b4e956df3097ae3259be4f9c.exe
- Resource: win7-en-20211014
Malware Config
- Extracted from: C:\Program Files\7-Zip\YCUX_HOW_TO_DECRYPT.txt
- Family: hive
- URLs:
  http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
  http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
Targets
- Target: 0e8e6fc94e6eb17cfd8993b3dcfd9acd11ee32f1b4e956df3097ae3259be4f9c
- Size: 3.3MB
- MD5: d227e289fbb2493e6deb25ee5a17991c
- SHA1: 7c56887b7152f0f710cd8153ed0f8cce692f3c53
- SHA256: 0e8e6fc94e6eb17cfd8993b3dcfd9acd11ee32f1b4e956df3097ae3259be4f9c
- SHA512: acde183afd0e27a542448827d10e4b887e7a4812e89afe90f50a890b826983011fe3ce56c77e1d413b803d612db1c758accd16d23757ce1491e4cc29ea8245af
- Modifies security service
- Clears Windows event logs
- Modifies boot configuration data using bcdedit