General
-
Target
SecuriteInfo.com.Trojan.GenericKD.48131406.23753.10396
-
Size
46KB
-
Sample
220129-s9ctkadaek
-
MD5
0c3281387e69e28ac3865135420ec039
-
SHA1
068bd09ad5f8dae225da6b53754823ed6f194973
-
SHA256
2d3c256a17925e5102852d2a9ecd212d9118ae9003b9c6cc064a598ef95e4891
-
SHA512
d8d7a8b678b37b91206db130cbefd522a8b6d3e1617acb981a1ae4367dc48c311ac64b9e973b14bdb0ff9cc6b62481f55b541791244b664907c95a29d9f9ceb0
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.GenericKD.48131406.23753.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.GenericKD.48131406.23753.exe
Resource
win10-en-20211208
Malware Config
Extracted
https://cdn.discordapp.com/attachments/935052169835593748/936025628916973638/hissbitrat.exe
Extracted
https://cdn.discordapp.com/attachments/935052169835593748/936025629655175188/mybitrat.exe
Extracted
bitrat
1.38
linksphere.duckdns.org:1440
anubisgod.duckdns.org:1442
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
install_dir
Queeno
-
install_file
Queenol.exe
-
tor_process
tor
Targets
-
-
Target
SecuriteInfo.com.Trojan.GenericKD.48131406.23753.10396
Score
10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-