General
Target: a3b875701db56862b5acc2a1eda8db1a30f5e0617780973154a352ab4a662bdd
Size: 2.0MB
Sample: 220121-3ddq4acgc7
MD5: 81ef454de5367209d2c791fa6b1c8dd7
SHA1: 32a1569c1c30e0241461df8128a86e0bdae26797
SHA256: a3b875701db56862b5acc2a1eda8db1a30f5e0617780973154a352ab4a662bdd
SHA512: 18b2922b89526b5edb235d95b2337ab481c8ce773f431627662e18f49713c15dc291c56eac1c66ba7d534df779a74fd59b9111d304d12aced8144d41986198a9
Static task: static1
Behavioral task: behavioral1
Sample: a3b875701db56862b5acc2a1eda8db1a30f5e0617780973154a352ab4a662bdd.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: a3b875701db56862b5acc2a1eda8db1a30f5e0617780973154a352ab4a662bdd.exe
Resource: win10-en-20211208
Malware Config
Extracted
bitrat
1.35
publiquilla.linkpc.net:9097
communication_password: bfdba24ee3d61f0260c4dc1034c3ee43
install_dir: System320772736e3b1d119b3
install_file: System320772736e3b1d119b.exe
tor_process: tor
Targets
Target: a3b875701db56862b5acc2a1eda8db1a30f5e0617780973154a352ab4a662bdd
Score: 10/10
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext