General
Target: Server.ps1
Size: 3.1MB
Sample ID: 220506-pjwxzahgh4
MD5: 130807ee9aae9a5ba0c206b6eeb74982
SHA1: 8970a669e4b1f1a2b42486ee5d9968bd466d523a
SHA256: 3cead87d0418ee97c2fbddf19c699c58203c40e524e76bb08f26dcce9eb6dfdf
SHA512: b14fb98990e827f7a7fc7f09174ba34ba66dac16b8a47037fc463aa344d2b102fa67628a270919b88262c70594c7f7dbede6cb056a6e08a88a43673f522fabee
Static task: static1
Behavioral task: behavioral1
Sample: Server.ps1
Resource: win7-20220414-en
Malware Config
Extracted
Family: bitrat
Version: 1.38
C2: bitratnew9200.duckdns.org:9200
communication_password: e10adc3949ba59abbe56e057f20f883e (stored as an unsalted MD5 hex digest; this value is the MD5 of "123456")
tor_process: tor
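The extracted configuration and the file hashes above can be turned into detection content directly. The following is an added example, not part of the sandbox report and not BitRAT code: it checks the communication_password hash against a small wordlist (BitRAT keeps it as an unsalted MD5, and the value above is md5("123456")), flags the C2 hostname in constructed DNS and connection log lines and pivots from the DNS answer to the connection on port 9200, and matches the sample's SHA256 in a constructed file inventory. The log format, workstation names and IP addresses are invented for the example; only the IOC values come from the report.

```python
import hashlib
import re

# IOCs as reported above for the Server.ps1 sample (file hashes and the
# extracted BitRAT 1.38 configuration).
IOC = {
    "md5": "130807ee9aae9a5ba0c206b6eeb74982",
    "sha1": "8970a669e4b1f1a2b42486ee5d9968bd466d523a",
    "sha256": "3cead87d0418ee97c2fbddf19c699c58203c40e524e76bb08f26dcce9eb6dfdf",
    "c2_host": "bitratnew9200.duckdns.org",
    "c2_port": 9200,
    "communication_password_md5": "e10adc3949ba59abbe56e057f20f883e",
}


def crack_communication_password(md5_hex, wordlist):
    """BitRAT stores communication_password as an unsalted MD5 hex digest, so a
    plain wordlist pass recovers weak values. Returns the plaintext or None."""
    target = md5_hex.lower()
    for candidate in wordlist:
        if hashlib.md5(candidate.encode("utf-8")).hexdigest() == target:
            return candidate
    return None


# Constructed log lines in a simplified "timestamp host kind k=v ..." shape
# (not real telemetry). SRV01 talks to an Elasticsearch node on 9200: same
# port as the C2, but not the C2 host, and must not be flagged.
LOG_LINES = [
    "2022-05-06T15:02:11Z WS01 dns qname=bitratnew9200.duckdns.org answer=198.51.100.23",
    "2022-05-06T15:02:12Z WS01 conn dst=198.51.100.23:9200 proto=tcp",
    "2022-05-06T15:03:40Z WS02 dns qname=updates.example.com answer=192.0.2.10",
    "2022-05-06T15:03:41Z WS02 conn dst=192.0.2.10:443 proto=tcp",
    "2022-05-06T15:05:00Z SRV01 conn dst=10.0.0.8:9200 proto=tcp",
]

DNS_RE = re.compile(r"^(\S+) (\S+) dns qname=(\S+) answer=(\S+)$")
CONN_RE = re.compile(r"^(\S+) (\S+) conn dst=(\S+):(\d+) proto=\S+$")


def find_c2_activity(lines, c2_host, c2_port):
    """Flag DNS lookups of the C2 hostname, then connections on the C2 port to
    the address it resolved to. Port alone is deliberately not a match: 9200
    is also Elasticsearch's default, and a dynamic-DNS C2 can change IP at
    will, so the DNS answer is what ties an IP to the indicator."""
    resolved = set()
    hits = []
    for line in lines:
        m = DNS_RE.match(line)
        if m and m.group(3).lower() == c2_host.lower():
            resolved.add(m.group(4))
            hits.append({"ts": m.group(1), "host": m.group(2), "kind": "dns",
                         "detail": f"resolved {c2_host} -> {m.group(4)}"})
    for line in lines:
        m = CONN_RE.match(line)
        if m and m.group(3) in resolved and int(m.group(4)) == c2_port:
            hits.append({"ts": m.group(1), "host": m.group(2), "kind": "conn",
                         "detail": f"tcp {m.group(3)}:{m.group(4)}"})
    hits.sort(key=lambda h: h["ts"])  # ISO 8601 timestamps sort lexically
    return hits


def match_file_hashes(inventory, ioc):
    """inventory: iterable of (path, sha256_hex). Returns paths of files whose
    SHA256 equals the sample's."""
    return [path for path, digest in inventory if digest.lower() == ioc["sha256"]]


if __name__ == "__main__":
    print("communication_password:",
          crack_communication_password(IOC["communication_password_md5"],
                                       ["password", "123456", "admin"]))
    for hit in find_c2_activity(LOG_LINES, IOC["c2_host"], IOC["c2_port"]):
        print(hit["ts"], hit["host"], hit["kind"], hit["detail"])
    # Constructed inventory: one copy of the sample and one unrelated file.
    print(match_file_hashes([("C:\\Users\\user\\Downloads\\Server.ps1", IOC["sha256"]),
                             ("C:\\Windows\\Temp\\tor.exe", "0" * 64)], IOC))
```

The DNS-to-connection pivot matters for duckdns.org C2s: the hostname is the stable indicator, the IP behind it is not, and blocking or alerting on TCP/9200 by itself will fire on every Elasticsearch client in the estate.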
Targets
Target: Server.ps1
Signatures
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- Drops file in System32 directory.
- Suspicious use of NtSetInformationThreadHideFromDebugger. Anti-debugging: with ThreadHideFromDebugger set, a debugger attached to the process no longer receives events from that thread.
- Suspicious use of SetThreadContext. Commonly used to redirect a thread's execution into injected code, as in process hollowing or thread hijacking.