General
Target: b7d5c66725810c90c16eac28adfed02a40ea845d38f7a2ff2d6020c1092f21b7
Size: 1.6MB
Sample (analysis ID): 220201-ex7lhsgefq
MD5: dcea219e1b7492f449b9d527b7b6cec2
SHA1: 952c15bb97a8a518e2cd06cd0ccdf9207c605f5c
SHA256: b7d5c66725810c90c16eac28adfed02a40ea845d38f7a2ff2d6020c1092f21b7
SHA512: 60752f81d21ff752646e1c906a620acc72e16628d273ea34f14e453b9620fddfa19fd2b6837a6d330fb5ef4fbe3fab6e554b7ddd80e31e500d5cd68e9bbdc46e
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: b7d5c66725810c90c16eac28adfed02a40ea845d38f7a2ff2d6020c1092f21b7.exe
  Resource (VM image): win7-en-20211208
Behavioral task: behavioral2
  Sample: b7d5c66725810c90c16eac28adfed02a40ea845d38f7a2ff2d6020c1092f21b7.exe
  Resource (VM image): win10v2004-en-20220113
Malware Config
Extracted from C:\README1.txt through C:\README10.txt (ten ransom-note copies, each carrying the same three URLs):
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
The .onion.to and .onion.cab forms are Tor2web clearnet gateways to the same hidden service, so the indicator worth pivoting on is the bare hostname cryptsen7fo43rr6.onion; blocking only the gateway domains leaves the Tor route open.
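The following is an added example, not part of the sandbox report and not the sample's own code. It shows how a responder would use the indicators above: hash a file with all four algorithms the report lists and compare against the report values, and pull onion hostnames out of ransom-note text so the .onion.to and .onion.cab gateway variants collapse to the single service cryptsen7fo43rr6.onion. The note text embedded in it is constructed for the example, and the function names are this example's own.

```python
"""
Triage helper for the sample described in this report (added example; not
part of the sandbox report and not the sample's own code).

Two checks a responder actually runs:
  1. Confirm a file on disk is the reported sample by hashing it with all
     four algorithms the report lists and comparing each one.
  2. Pull Tor indicators out of ransom-note text. The report shows the same
     hidden service published three ways (.onion, .onion.to, .onion.cab);
     the last two are Tor2web clearnet gateways, so the stable indicator is
     the bare onion hostname, which this code normalises to.
"""
import hashlib
import re
from typing import Dict, Set

# Hashes copied from the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "dcea219e1b7492f449b9d527b7b6cec2",
    "sha1": "952c15bb97a8a518e2cd06cd0ccdf9207c605f5c",
    "sha256": "b7d5c66725810c90c16eac28adfed02a40ea845d38f7a2ff2d6020c1092f21b7",
    "sha512": "60752f81d21ff752646e1c906a620acc72e16628d273ea34f14e453b9620fddf"
              "a19fd2b6837a6d330fb5ef4fbe3fab6e554b7ddd80e31e500d5cd68e9bbdc46e",
}

# Onion URL pattern: a v2 (16 char) or v3 (56 char) onion hostname, optionally
# behind a Tor2web gateway suffix such as .to or .cab, with an optional path.
ONION_RE = re.compile(
    r"https?://(?P<host>[a-z2-7]{16}|[a-z2-7]{56})\.onion(?:\.[a-z]{2,6})?(?:/[^\s\"'<>]*)?",
    re.IGNORECASE,
)


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return lowercase hex digests for the four algorithms the report uses."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in chunks so large samples do not have to fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests: Dict[str, str]) -> Dict[str, bool]:
    """Compare computed digests with the report, algorithm by algorithm.
    A partial match (e.g. MD5 only) is itself a finding: it means either a
    collision or a transcription error, so callers should require all four."""
    return {name: digests.get(name, "").lower() == expected
            for name, expected in REPORT_HASHES.items()}


def extract_onion_indicators(text: str) -> Dict[str, Set[str]]:
    """Return every onion/gateway URL found and the de-duplicated bare hostnames."""
    urls: Set[str] = set()
    hosts: Set[str] = set()
    for m in ONION_RE.finditer(text):
        urls.add(m.group(0))
        hosts.add(m.group("host").lower() + ".onion")
    return {"urls": urls, "hosts": hosts}


# Constructed sample note text (not recovered from the sample), using the
# three URLs the report extracted from C:\README1.txt .. C:\README10.txt.
SAMPLE_NOTE = """Your files are encrypted.
To get the key visit one of these addresses:
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
"""

if __name__ == "__main__":
    import sys
    found = extract_onion_indicators(SAMPLE_NOTE)
    print("onion hosts:", sorted(found["hosts"]))
    print("onion/gateway URLs:", sorted(found["urls"]))
    # Any file paths given on the command line are hashed and checked.
    for arg in sys.argv[1:]:
        result = matches_report(hash_file(arg))
        verdict = "MATCH" if all(result.values()) else "no match"
        print(f"{arg}: {verdict} {result}")
```

Run it with a suspect file as the argument to get a per-algorithm verdict; feed recovered README*.txt contents to extract_onion_indicators to get the bare hostname for blocklists and the full gateway URLs for proxy logs.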
Targets
Target: b7d5c66725810c90c16eac28adfed02a40ea845d38f7a2ff2d6020c1092f21b7 (1.6MB; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures
Adds Run key to start application
  Persistence: the sample writes a value under a CurrentVersion\Run key so it is launched again at logon.
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext
  Commonly seen in process hollowing and other thread-hijacking injection, where the context of a suspended thread is rewritten to point at attacker-controlled code.