General
Target: The__New__File__Setup.rar
Size: 157KB
Sample: 220307-zht24afgg6
MD5: 27b48ee6e64fe592ad4a4dd5372562cf
SHA1: 2eadc146d599f98e774748ecfc155e70ebf470a8
SHA256: b44e19a6c5eb8c470abccab829b415f5a81d212cae9b9f2fc3d349a06978a4d4
SHA512: 2828ed8309c24b64867bcecc2d1e39e2830d9258cdd7005ab94fd7d5703c3dc95aaa982a03d5cfd23ba7c17b0625a31f57924d3fee4dcde6a023e6560da625df

Static task
static1

Behavioral task behavioral1
Sample: Main__Setup.exe
Resource: win7-20220223-en

Behavioral task behavioral2
Sample: Main__Setup.exe
Resource: win10v2004-en-20220113

Behavioral task behavioral3
Sample: P@ssWorD is= 1234.jpg
Resource: win7-en-20211208

Behavioral task behavioral4
Sample: P@ssWorD is= 1234.jpg
Resource: win10v2004-en-20220113

Malware Config

Targets

Target: Main__Setup.exe
Size: 750.0MB
MD5: 0acc6b030f96957830f7b9dc92023a12
SHA1: 86fc468e5d074433e84ed450f5d5bb78b1f17011
SHA256: 6efa533a39cda08148230e64ead2ee1b48418891fb69bd2fe87a53abee37ff71
SHA512: ffd44734269fcdb2408cd3f90afb73bd642162831b1c19b0f13bd6be0d5796ebadd9d94166be2bfa2e64417d450f1d96609cee2b3407a767fff47bfe49543cf9
Signatures:
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext

Target: P@ssWorD is= 1234.jpeg
Size: 13KB
MD5: 5daa89205213faa52faec566914fc481
SHA1: 766b357000cb731d2342841acee37cdef3ab7027
SHA256: 1f11e582ee2be2315bf71ebe223957c19cee5128ba43122ba14342adad89bf45
SHA512: 3bb7030786d1198abdc767b216c53db193b1ffd77ea44d2aa3bde9f406fb5bf030873edb070d2fcd5a63e62da833b2bd9f99ab43fe6784b3600e7ba24ce4e52b
Score: 1/10