General
-
Target
9ab79ee79a84bc24d8b08284d6016b9c0a3674b5595f059d0b5967f46b1eb421
-
Size
2.4MB
-
Sample
220121-3e8ymadbhq
-
MD5
c41330626c45d83ec82189c8d3335f60
-
SHA1
44f20c13a6c784fe05f6ef170886a787bd2e90c5
-
SHA256
9ab79ee79a84bc24d8b08284d6016b9c0a3674b5595f059d0b5967f46b1eb421
-
SHA512
4a905b8392263d4275b8e0fee983a7018000aae404d811c92340dad7b337377565ac1a4e7e40529f3d70fb3fc146eef7fc103994b4b1fdbe4fda9daf2b722fde
Static task
static1
Behavioral task
behavioral1
Sample
9ab79ee79a84bc24d8b08284d6016b9c0a3674b5595f059d0b5967f46b1eb421.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
9ab79ee79a84bc24d8b08284d6016b9c0a3674b5595f059d0b5967f46b1eb421.exe
Resource
win10-en-20211208
Malware Config
Extracted
bitrat
1.35
publiquilla.linkpc.net:9097
-
communication_password
bfdba24ee3d61f0260c4dc1034c3ee43
-
install_dir
System320772736e3b1d119b3
-
install_file
System320772736e3b1d119b.exe
-
tor_process
tor
Targets
-
Target
9ab79ee79a84bc24d8b08284d6016b9c0a3674b5595f059d0b5967f46b1eb421
-
Score
10/10
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-