General
- Target: 9618345aad276496e7d33d390a0cdf5e
- Size: 322KB
- Sample: 220120-zwc1qsbfg9
- MD5: 9618345aad276496e7d33d390a0cdf5e
- SHA1: 49ea625e58a17a1992c767fc7afb137dbfd0419a
- SHA256: dc9ddeb5493a529530acf29a62a5de10bef65ffb22ebea264818058bf9223ae6
- SHA512: 9c4d96bba45a6e589d597277d8454a89781a53b0b6419b4f4ef04f02576a424f7efdc5a9c4f5a426742544d6d054b1ab14aebad6a6a6a355c8c3a0345778ca6d
Static task: static1
Behavioral task: behavioral1
- Sample: 9618345aad276496e7d33d390a0cdf5e.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: 9618345aad276496e7d33d390a0cdf5e.exe
- Resource: win10v2004-en-20220112
Malware Config
Extracted
- Family: bitrat
- Version: 1.38
- C2: 20deenero.con-ip.com:3005
- communication_password: 202cb962ac59075b964b07152d234b70
- install_dir: AppData
- install_file: chrome.exe
- tor_process: tor
Targets
- Target: 9618345aad276496e7d33d390a0cdf5e
- Size: 322KB
Score: 10/10
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix
- Collection
- Command and Control
- Credential Access
- Defense Evasion: Modify Registry (2)
- Discovery: Query Registry (1), Remote System Discovery (1), System Information Discovery (2)
- Execution
- Exfiltration
- Impact
- Initial Access
- Lateral Movement
- Persistence: Registry Run Keys / Startup Folder (2)
- Privilege Escalation