General
-
Target
ed8ea7147615e1346db04eb63fe14ff1ea8dcb083006961e0400cbb4a9d999f8
-
Size
2.4MB
-
Sample
220121-2vse5sbhe4
-
MD5
a5fdd99bf98e3376cb52a60a6c94bfa3
-
SHA1
ea610ffed593c1756a84005f113de6eda1d27f85
-
SHA256
ed8ea7147615e1346db04eb63fe14ff1ea8dcb083006961e0400cbb4a9d999f8
-
SHA512
d1367298de62bc4c1be0a835fba85e93c7eda6505fddcbf771b81755d19f46930dad55a5b572c647b21d9f5de6053f91eb47f2a33ca557f710e1e96116aa6f97
Static task
static1
Behavioral task
behavioral1
Sample
ed8ea7147615e1346db04eb63fe14ff1ea8dcb083006961e0400cbb4a9d999f8.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
ed8ea7147615e1346db04eb63fe14ff1ea8dcb083006961e0400cbb4a9d999f8.exe
Resource
win10-en-20211208
Malware Config
Extracted
bitrat
1.35
publiquilla.linkpc.net:9090
-
communication_password
bfdba24ee3d61f0260c4dc1034c3ee43
-
install_dir
windowssecurirysercivehealth
-
install_file
windowssecurirysercive.exe
-
tor_process
tor
Targets
-
-
Target
ed8ea7147615e1346db04eb63fe14ff1ea8dcb083006961e0400cbb4a9d999f8
Score
10/10
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-