General
Target: 1c2697eec9a66c7da1bb6a0024a9431e.exe
Size: 7.8MB
Sample: 220131-h8dz5agfdn
MD5: 1c2697eec9a66c7da1bb6a0024a9431e
SHA1: 4bfd5fdab7fcdb5a6d91fe24d35870f60b12cf7f
SHA256: 5548b857ac6b402388302ea82b0fda3ad06783a217b91e731559736bd5734685
SHA512: af753916f6af5cfbd2055146be7b48e6b30f1ca7b7a3753b500f5a7e732109e27e2739e930c2c733fbd31a11831ff2be1151929dadbb57ae35a88b0785bb9b46
Static task: static1
Behavioral task: behavioral1
  Sample: 1c2697eec9a66c7da1bb6a0024a9431e.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 1c2697eec9a66c7da1bb6a0024a9431e.exe
  Resource: win10-en-20211208
Malware Config
Extracted: bitrat 1.38
kjhegxechiassewleatp3wbjyo7jqm2yhhofutzuvd2sem3pnd5hscad.onion:80
communication_password: 81dc9bdb52d04dc20036dbd8313ed055
tor_process: NEWTOR
Targets
Target: 1c2697eec9a66c7da1bb6a0024a9431e.exe
Size: 7.8MB
Score: 9/10
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger