General
-
Target
Cjryjsra.exe
-
Size
3.2MB
-
Sample
220507-em2yaadgfn
-
MD5
04b92d276e5e29aaef5069087a1d25d3
-
SHA1
b3c133b9a56767f934b0bac585c7e6f7dcb92d9a
-
SHA256
fc31934152ea6e5d60c4ee949140d28b2cfe30764451f0c6d62ee2945490656d
-
SHA512
c70b4f7ef2ae8c9533d6b464f367d15e38e03df080f06b024134ee7f3f566d6dc209aec205f796bac7acd0bcee629eb676c80695b35cbff4c229faf4295afb83
Static task
static1
Behavioral task
behavioral1
Sample
Cjryjsra.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Cjryjsra.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
bitrat
1.38
212.193.30.54:3680
-
communication_password
46821e93230f353d5c46240b0462a0fe
-
tor_process
tor
Targets
-
-
Target
Cjryjsra.exe
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-