General
-
Target
b4a3a36942d093c4280ae0f62bedbbb7e0c98e096c5c2deaff57351f3a21e066
-
Size
421KB
-
Sample
220215-hp8emadddm
-
MD5
7befa62d431b99879d357f4173bdfaa2
-
SHA1
87c3d6661ad988a7ec07ecd7ef16292ce2efb54f
-
SHA256
b4a3a36942d093c4280ae0f62bedbbb7e0c98e096c5c2deaff57351f3a21e066
-
SHA512
21a35c4dacddd393618eb109e1ddf7d19835725c64226929d5d0dd537b68549cc92aaa15ae61450a30bc3da0998cc1f4266fe7396c582766206f45598aef7a31
Static task
static1
Behavioral task
behavioral1
Sample
b4a3a36942d093c4280ae0f62bedbbb7e0c98e096c5c2deaff57351f3a21e066.exe
Resource
win7-en-20211208
Malware Config
Extracted
cryptbot
cipexl72.top
morahe07.top
-
payload_url
http://sahdyr18.top/download.php?file=bather.exe
Targets
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-