General

Target: Btecz.exe
Size: 3.0MB
Sample: 220506-pt7r8ahhb4
MD5: 7539d0480133c9b3be4c5a71cc9151b3
SHA1: 7d2057acf324790c68ee6d4ac711536120e0d35f
SHA256: f4288442baa9970c87a94055eba6813e3c1cbb2b5df728bfa1780f646db2c7dd
SHA512: b23c037b2674d0d6d8d02e1dccf582f4406c5ed33dd420797663fa9f2dad61f404adfcdab7f0b27929f9dcba050a12072b1a18e2b229a10af3f76bd935cdd92b
Static task
- static1

Behavioral task
- behavioral1
  Sample: Btecz.exe
  Resource: win7-20220414-en

Behavioral task
- behavioral2
  Sample: Btecz.exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted
- Family: bitrat
  Version: 1.38
  C2: 37.0.11.155:4670
  communication_password: 31af2433c836721a29f5d8e94b790444
  tor_process: tor
Targets

- Target: Btecz.exe
  Size: 3.0MB
  MD5, SHA1, SHA256, SHA512: identical to the values listed under General above
  Score: 10/10
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence (the sample can decline to run in certain locales).
- Adds Run key to start application
  Persistence through a Windows Run registry key, so the payload is relaunched at logon.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread with the ThreadHideFromDebugger information class stops the calling thread from delivering debug events, a common anti-debugging measure.
- Suspicious use of SetThreadContext
  SetThreadContext rewrites a thread's register state, including its instruction pointer, and is commonly used for code injection techniques such as process hollowing.
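As an added example (not part of the Triage report and not BitRAT's own code), the following Python script turns the indicators above into a hunt over Sysmon-style JSON events: the sample's file hashes (process creation, event ID 1), the C2 socket 37.0.11.155:4670 (network connection, event ID 3) and Run-key persistence (registry value set, event ID 13). The log lines are constructed for the demonstration; the field names follow Sysmon's schema and the exact Run key path written by the sample is an assumption, since the report only states that a Run key is added.

```python
"""Hunt for the BitRAT indicators listed in the Triage report above.

Added example, not part of the Triage report or of BitRAT itself.
The events below are constructed, Sysmon-style records (process create,
network connect, registry value set). Field names are assumed to follow
the Sysmon schema; the log lines are made up for the demonstration.
"""
import json

# Indicators taken from the report.
IOC_HASHES = {
    "md5": "7539d0480133c9b3be4c5a71cc9151b3",
    "sha1": "7d2057acf324790c68ee6d4ac711536120e0d35f",
    "sha256": "f4288442baa9970c87a94055eba6813e3c1cbb2b5df728bfa1780f646db2c7dd",
}
C2_HOST = "37.0.11.155"
C2_PORT = 4670
# Assumed: any value written under a HKCU/HKLM ...\CurrentVersion\Run key.
RUN_KEY_SUFFIX = "\\Microsoft\\Windows\\CurrentVersion\\Run\\"


def parse_sysmon_hashes(field):
    """Sysmon writes 'MD5=...,SHA1=...,SHA256=...'; return {algo: hexdigest}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.strip().lower()] = digest.strip().lower()
    return out


def match_event(ev):
    """Return a reason string if the event matches a report IOC, else None."""
    eid = ev.get("EventID")
    if eid == 1:  # process creation: compare file hashes with the sample
        hashes = parse_sysmon_hashes(ev.get("Hashes", ""))
        for algo, digest in IOC_HASHES.items():
            if hashes.get(algo) == digest:
                return f"process {ev.get('Image')} matches sample {algo}"
    elif eid == 3:  # network connection: look for the extracted C2 socket
        if (ev.get("DestinationIp") == C2_HOST
                and int(ev.get("DestinationPort", 0)) == C2_PORT):
            return f"{ev.get('Image')} connected to BitRAT C2 {C2_HOST}:{C2_PORT}"
    elif eid == 13:  # registry value set: Run-key persistence
        target = ev.get("TargetObject", "")
        if RUN_KEY_SUFFIX.lower() in target.lower():
            return f"{ev.get('Image')} wrote Run key {target}"
    return None


def scan(lines):
    """Scan newline-delimited JSON events; return [(line_no, reason)] for hits."""
    hits = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        reason = match_event(json.loads(line))
        if reason:
            hits.append((n, reason))
    return hits


# Constructed sample log (not a real capture). Backslashes are doubled once
# for Python and once more for JSON.
SAMPLE_LOG = """
{"EventID": 1, "Image": "C:\\\\Users\\\\user\\\\Downloads\\\\Btecz.exe", "Hashes": "MD5=7539D0480133C9B3BE4C5A71CC9151B3,SHA256=F4288442BAA9970C87A94055EBA6813E3C1CBB2B5DF728BFA1780F646DB2C7DD"}
{"EventID": 1, "Image": "C:\\\\Windows\\\\System32\\\\notepad.exe", "Hashes": "MD5=00000000000000000000000000000000"}
{"EventID": 13, "Image": "C:\\\\Users\\\\user\\\\Downloads\\\\Btecz.exe", "TargetObject": "HKU\\\\S-1-5-21-1\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\Btecz"}
{"EventID": 3, "Image": "C:\\\\Users\\\\user\\\\Downloads\\\\Btecz.exe", "DestinationIp": "37.0.11.155", "DestinationPort": 4670}
{"EventID": 3, "Image": "C:\\\\Program Files\\\\Firefox\\\\firefox.exe", "DestinationIp": "93.184.216.34", "DestinationPort": 443}
"""

if __name__ == "__main__":
    for n, reason in scan(SAMPLE_LOG.splitlines()):
        print(f"line {n}: {reason}")
```

Hash comparisons are case-insensitive because Sysmon emits uppercase digests while the report lists lowercase ones; the C2 check requires both address and port to match, so a benign connection to port 443 on the same host does not fire.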