General
-
Target
9618345aad276496e7d33d390a0cdf5e
-
Size
322KB
-
Sample
220120-zwc1qsbfg9
-
MD5
9618345aad276496e7d33d390a0cdf5e
-
SHA1
49ea625e58a17a1992c767fc7afb137dbfd0419a
-
SHA256
dc9ddeb5493a529530acf29a62a5de10bef65ffb22ebea264818058bf9223ae6
-
SHA512
9c4d96bba45a6e589d597277d8454a89781a53b0b6419b4f4ef04f02576a424f7efdc5a9c4f5a426742544d6d054b1ab14aebad6a6a6a355c8c3a0345778ca6d
Static task
static1
Behavioral task
behavioral1
Sample
9618345aad276496e7d33d390a0cdf5e.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
9618345aad276496e7d33d390a0cdf5e.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
bitrat
1.38
20deenero.con-ip.com:3005
-
communication_password
202cb962ac59075b964b07152d234b70
-
install_dir
AppData
-
install_file
chrome.exe
-
tor_process
tor
Targets
-
-
Target
9618345aad276496e7d33d390a0cdf5e
-
Size
322KB
-
MD5
9618345aad276496e7d33d390a0cdf5e
-
SHA1
49ea625e58a17a1992c767fc7afb137dbfd0419a
-
SHA256
dc9ddeb5493a529530acf29a62a5de10bef65ffb22ebea264818058bf9223ae6
-
SHA512
9c4d96bba45a6e589d597277d8454a89781a53b0b6419b4f4ef04f02576a424f7efdc5a9c4f5a426742544d6d054b1ab14aebad6a6a6a355c8c3a0345778ca6d
Score10/10-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-