General
-
Target
d7699afcf044b90a9f22bd4ed2662c88.exe
-
Size
7.8MB
-
Sample
220131-h8dz5ahcg3
-
MD5
d7699afcf044b90a9f22bd4ed2662c88
-
SHA1
afe7ad4e2f7b518695635d2b8766ffc2d8ef0df2
-
SHA256
d6fa908610cbcfd0de2bfbfadc4ae6f50194e9bccec7ec8a63f7aa4546b72715
-
SHA512
4571169f4dbc8822f2c20aa1fa0ba7f0062c928622bff3f354836fa5bd12e71fbb71855046b82d2e58929b58af25b78eecc86c404f051d642955cb9755a55048
Malware Config
Extracted
bitrat
1.38
tcki6mrrcnrt33qy52viv7m64y6hepkv646nnzglrkbgytyt6b2hdrid.onion:80
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
tor_process
dllhost
Targets
-
-
Target
d7699afcf044b90a9f22bd4ed2662c88.exe
-
Size
7.8MB
-
MD5
d7699afcf044b90a9f22bd4ed2662c88
-
SHA1
afe7ad4e2f7b518695635d2b8766ffc2d8ef0df2
-
SHA256
d6fa908610cbcfd0de2bfbfadc4ae6f50194e9bccec7ec8a63f7aa4546b72715
-
SHA512
4571169f4dbc8822f2c20aa1fa0ba7f0062c928622bff3f354836fa5bd12e71fbb71855046b82d2e58929b58af25b78eecc86c404f051d642955cb9755a55048
Score9/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-