General
Target: Gkkkaytp.exe
Size: 3.1MB
Sample: 220507-eq4ahsdhgr
MD5: 58b756316b232975a709148b774bd66c
SHA1: 4263dc71f89dfba45d79647d5ca73cd7841b039b
SHA256: 39d180e2f5c447706ad8e4f2fc0a86c2cbd586426dd1343f37f3008569f1a60b
SHA512: 65b3b7ac35b0dd92ca85ce08d521e05d66009ee7c3de8dc9663013855c064e936f1c6848e261b7aa953cb3d77acfdc433906d5d201955daea29187e4b301c6a8
Static task: static1
Behavioral task: behavioral1
Sample: Gkkkaytp.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Gkkkaytp.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
bitrat
1.38
212.193.30.54:3680
communication_password: 46821e93230f353d5c46240b0462a0fe
tor_process: tor
Targets
Target: Gkkkaytp.exe
Score: 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext