General
Target: 4d82e3c0921a972c4ff3fbc3827421f4a1d8f691d1de2ca6f92fbded0d1098e4
Size: 2.1MB
Sample: 220130-sdg4eacgbl
MD5: f1e98afd39a625e150a2fb6f066e1119
SHA1: d425b9ec5289d0f7ba937c6d9741339344da22d4
SHA256: 4d82e3c0921a972c4ff3fbc3827421f4a1d8f691d1de2ca6f92fbded0d1098e4
SHA512: 233048d2cd5999839c660f2912568dbd824823046da56f1c1289ec6f91689bbb8ca3a4cc924dbf5590d8f2c865f053be89cd23fb438f1d1650a093de58e2bfd3

Static task: static1

Behavioral task: behavioral1
Sample: 4d82e3c0921a972c4ff3fbc3827421f4a1d8f691d1de2ca6f92fbded0d1098e4.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: 4d82e3c0921a972c4ff3fbc3827421f4a1d8f691d1de2ca6f92fbded0d1098e4.exe
Resource: win10-en-20211208

Malware Config
Extracted family: bitrat
Version: 1.38
C2: publiquilla.linkpc.net:9088
communication_password: bfdba24ee3d61f0260c4dc1034c3ee43
install_dir: windowsdefenderinitservices
install_file: windowsdefenderinitservice.exe
tor_process: tor
Targets
Target: 4d82e3c0921a972c4ff3fbc3827421f4a1d8f691d1de2ca6f92fbded0d1098e4
Size: 2.1MB
Score: 10/10
Signatures:
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext