General
- Target: 5204583970930688.zip
- Size: 1.5MB
- Sample: 220121-1adktabcc3
- MD5: abe355c5e74e651176bc433d272408bd
- SHA1: e01e4fe0c2c21ee6a61d41d9b4d2c09d2724f67d
- SHA256: 973926297abfda903b9b6ef303f7b0b6c7eddb184f9f26563a5adea43915ce8d
- SHA512: 830518e3a80189825b2eadb492f171275b53b9fbb2527d949581132ce05a309ed8518aef55a0837b16563ae5ccbfa415df515a1a74e4c97894eed5b7adabb6bc
Static task: static1
Behavioral task: behavioral1
- Sample: e-transfer.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: e-transfer.exe
- Resource: win10-en-20211208
Malware Config
Extracted
bitrat
1.38
yakbitpeople.duckdns.org:9175
- communication_password: 827ccb0eea8a706c4c34a16891f84e7b
- tor_process: tor
Targets
- Target: e-transfer.exe
- Size: 300.0MB
- MD5: affebb601f181b9c290753caae06050a
- SHA1: 64942ee5d84b1a2262d02a1dd0ae1aa6e8b66486
- SHA256: e2ce88575e964545d834e0bae841ec554b02fa4a290e645e19cb7556123bb49e
- SHA512: 3870beafddb9972863a2b0d74eeded9bd21eb3b8c13563808754927ce3a29579adad56e7eb3bc37b4777cb16caea0d9d5d233b01432aa42fe0c5ecafc3c025b2
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext