General
-
Target
badbadnotgood.exe
-
Size
112KB
-
Sample
220117-y6agxscbh9
-
MD5
cc53642dc142809c56f656d8ee702650
-
SHA1
a18dcff5ec9ff5027309790d8bc0dd660cae38b8
-
SHA256
512ce7a1f66a65d818533dc79f2eb3dbb31696961e45f34e3a2ce98080488dc3
-
SHA512
31deb2edede5999afa926041700ecec71c734c5d76b88f548bd702dc66fc0fe7e7b0cf2578f80a7196d027577cb9850240af593af669c815ed43b9de3e7a6f2f
Static task
static1
Behavioral task
behavioral1
Sample
badbadnotgood.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
badbadnotgood.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
bitrat
1.38
drfcjug.duckdns.org:1882
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
tor_process
tor
Targets
-
-
Target
badbadnotgood.exe
-
Size
112KB
-
MD5
cc53642dc142809c56f656d8ee702650
-
SHA1
a18dcff5ec9ff5027309790d8bc0dd660cae38b8
-
SHA256
512ce7a1f66a65d818533dc79f2eb3dbb31696961e45f34e3a2ce98080488dc3
-
SHA512
31deb2edede5999afa926041700ecec71c734c5d76b88f548bd702dc66fc0fe7e7b0cf2578f80a7196d027577cb9850240af593af669c815ed43b9de3e7a6f2f
Score10/10-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-