General
-
Target
e920835548ad7b62943d9e1f9fac3cb32112b9cf8c02acbeb8d60c17e08c0818
-
Size
1.3MB
-
Sample
220201-dks2xsfgar
-
MD5
30394ae40943a49d1b0771acb813498f
-
SHA1
bae68284fb59446956736237928fda74d4e3b209
-
SHA256
e920835548ad7b62943d9e1f9fac3cb32112b9cf8c02acbeb8d60c17e08c0818
-
SHA512
1b47a780fe8b367c275f0ef8b0806f0852791ca49aa80cc3bec4bfac6c237efa145651fffb2ee43cd23868d8dd95e88dfd3b477c69e6aab52b2b9354348efb0d
Static task
static1
Behavioral task
behavioral1
Sample
e920835548ad7b62943d9e1f9fac3cb32112b9cf8c02acbeb8d60c17e08c0818.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
e920835548ad7b62943d9e1f9fac3cb32112b9cf8c02acbeb8d60c17e08c0818.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\README1.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README2.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README3.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README4.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README5.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README6.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README7.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README8.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README9.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README10.txt
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Targets
-
-
Target
e920835548ad7b62943d9e1f9fac3cb32112b9cf8c02acbeb8d60c17e08c0818
-
Size
1.3MB
-
MD5
30394ae40943a49d1b0771acb813498f
-
SHA1
bae68284fb59446956736237928fda74d4e3b209
-
SHA256
e920835548ad7b62943d9e1f9fac3cb32112b9cf8c02acbeb8d60c17e08c0818
-
SHA512
1b47a780fe8b367c275f0ef8b0806f0852791ca49aa80cc3bec4bfac6c237efa145651fffb2ee43cd23868d8dd95e88dfd3b477c69e6aab52b2b9354348efb0d
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-