General
Target: 5a6bf2c5bcad6098f5eed902fd2ab165.exe
Size: 2.6MB
Sample: 211230-jh4zasffe6
MD5: 5a6bf2c5bcad6098f5eed902fd2ab165
SHA1: 169330abce1185aad9001fd590f8ea6952234a85
SHA256: 06d093a1f7775df0391176bdee9e23b9856f95e0baa25c9d271e1854094235a2
SHA512: 15821189aa69e7a35c6368c0898c7532f9cf43287ba4c6ace4c09885a2d175b9fbafc0cd6b463bfbc2ca721f1463a3904800fcee1133093d4802235072de35c1
Static task: static1
Behavioral task: behavioral1
Sample: 5a6bf2c5bcad6098f5eed902fd2ab165.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 5a6bf2c5bcad6098f5eed902fd2ab165.exe
Resource: win10-en-20211208
Malware Config
Extracted
bitrat
1.38
178.20.40.235:7777
communication_password: 90518ace97affc6b80a96099c2928d6a
install_dir: Temp
install_file: $77lsass.exe
tor_process: tor
Targets
Target: 5a6bf2c5bcad6098f5eed902fd2ab165.exe
Score: 10/10
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext