General
Target: tmp/bd03fb58-723a-4fa6-82f8-93758869c635_OneDriveSrv.exe
Size: 3.8MB
Sample: 211225-vh1gnaaff3
MD5: 0d07fefaea7c703dcec48de25636143d
SHA1: 8961c4024bb979f93e3abec8adf6b7087327a2f1
SHA256: bff5cf19832985267c5470e30de4c0c948a4920e1442817a65ee5e25688c30ff
SHA512: f8ef0d94162c72cc3e0ced64231f424e5826f43dcc8455f0a79820b609149cfdd18f658f6b41d9e99501539902eaf14893bc9f0dc9498f9bfa76e17bfb01a4b4
Static task: static1
Behavioral task: behavioral1
Sample: tmp/bd03fb58-723a-4fa6-82f8-93758869c635_OneDriveSrv.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: tmp/bd03fb58-723a-4fa6-82f8-93758869c635_OneDriveSrv.exe
Resource: win10-en-20211208
Malware Config
Extracted
bitrat
1.38
0x0x0pp.duckdns.org:1313
communication_password: f65684e459131fe80206668d5a686f4d
install_dir: Microsoft OneDrive
install_file: OneDriveSrv.exe
tor_process: tor
Targets
Target: tmp/bd03fb58-723a-4fa6-82f8-93758869c635_OneDriveSrv.exe
Score: 10/10
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger