General
Target: AudioApplication.vbs
Size: 3KB
Sample: 220119-hxneesffh4
MD5: 257cb7d47ef7b5221bd8d95cbdd7f47e
SHA1: 0f4cb975fbaf27684908503de9476a2d02646734
SHA256: b425d52cfdada3b73bdc0cb7bbcb57b72f2b2b95182dbc2d61fafecdcc6aa5f9
SHA512: d0f100255b697a85393a2961f11d4d490df8a0af31133629673cd69b2a4f8a85fe45e051557ddcfa69679aa392d3a8138a013d4fff7674bdb918e491c2356a67
Static task: static1
Behavioral task: behavioral1
Sample: AudioApplication.vbs
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: AudioApplication.vbs
Resource: win10v2004-en-20220113
Malware Config
Extracted: http://185.7.214.7/BITRA/oo.html
Extracted: http://185.7.214.7/BITRA/AU.PNG
Extracted: http://185.7.214.7/BITRA/YES.PNG
Extracted:
bitrat
1.38
185.7.214.8:4884
communication_password: 311f4e4b7562e9d5ba31bd6afa686479
tor_process: tor
Targets
Target: AudioApplication.vbs
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext