General
-
Target
23fdce6b83e4d7a19c95bb4bf0d37cff7cff3dc388d199317eb9176a214d32b7
-
Size
1.9MB
-
Sample
220130-td8rssdfbm
-
MD5
05e4b947ad6be711fd6e0bb9844b51af
-
SHA1
13c86bf36e50d9275d28dbf127e2a7d607a93f2a
-
SHA256
23fdce6b83e4d7a19c95bb4bf0d37cff7cff3dc388d199317eb9176a214d32b7
-
SHA512
e997ac70f3e2d8b940998a878a624a5607c1220082de338fc7550f0480a94b7c4739aea4ed7f55e2d575c9867e3992932333ab2c57e3691a6bee9491613e6231
Static task
static1
Behavioral task
behavioral1
Sample
23fdce6b83e4d7a19c95bb4bf0d37cff7cff3dc388d199317eb9176a214d32b7.exe
Resource
win7-en-20211208
Malware Config
Extracted
bitrat
1.35
publiquilla.linkpc.net:9097
-
communication_password
bfdba24ee3d61f0260c4dc1034c3ee43
-
install_dir
System320772736e3b1d119b3
-
install_file
System320772736e3b1d119b.exe
-
tor_process
tor
Targets
Target
23fdce6b83e4d7a19c95bb4bf0d37cff7cff3dc388d199317eb9176a214d32b7
-
Score
10/10
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-