General
Target: dd1e4842111c38d0d24deecd6aeb830d9d90bce19df0ffd839d5cfc7a565c0ae
Size: 3.5MB
Sample: 211122-nzjf5sfdcl
MD5: 36304d489f39b8a6feb8657c2c15a6ff
SHA1: 3e6d50e22503ba36ba484df57fa6f524d357c029
SHA256: dd1e4842111c38d0d24deecd6aeb830d9d90bce19df0ffd839d5cfc7a565c0ae
SHA512: 28d79e86c4008405dec6c817cea13099ddcc293d34270b5fdb6abca9660c122ca5a69697168d4364a43dddd6320a4ef8fc9f58aafbf97dc90f81f816ca9197d4

Static task: static1

Behavioral task: behavioral1
Sample: dd1e4842111c38d0d24deecd6aeb830d9d90bce19df0ffd839d5cfc7a565c0ae.exe
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: dd1e4842111c38d0d24deecd6aeb830d9d90bce19df0ffd839d5cfc7a565c0ae.exe
Resource: win10-en-20211104

Malware Config
Extracted from: C:\Program Files\7-Zip\Y2G9_HOW_TO_DECRYPT.txt
Family: hive
URLs:
- http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
- http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
Targets
Target: dd1e4842111c38d0d24deecd6aeb830d9d90bce19df0ffd839d5cfc7a565c0ae (size and hashes as listed under General)
Signatures:
- Modifies security service
- Clears Windows event logs
- Modifies boot configuration data using bcdedit