General
Target: 001ac097275ba7e82313354f1360aaa288d6bb087d82e107c263586f9e97f9d0
Size: 2.1MB
Sample: 220130-vbypgsfec4
MD5: a30f16bc22f9f13f913e86a5dfffd331
SHA1: 61da909e5252f37c957d3373e67ef23f09265b88
SHA256: 001ac097275ba7e82313354f1360aaa288d6bb087d82e107c263586f9e97f9d0
SHA512: 8cfd52db79d25e3f321583bf532563a380c617e8832433803273c2608a072f63e8776d0d4f6e7dfcf7b31c1ebd3d82d9877d182b040dfcae1ee0dfd7e10d56ca
Static task: static1
Behavioral task: behavioral1
Sample: 001ac097275ba7e82313354f1360aaa288d6bb087d82e107c263586f9e97f9d0.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 001ac097275ba7e82313354f1360aaa288d6bb087d82e107c263586f9e97f9d0.exe
Resource: win10-en-20211208
Malware Config
Extracted
bitrat
1.38
publiquilla.linkpc.net:9088
communication_password: bfdba24ee3d61f0260c4dc1034c3ee43
install_dir: windowsdefenderinitservices
install_file: windowsdefenderinitservice.exe
tor_process: tor
Targets
Score: 10/10
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext