General
  Target: 2.7z
  Size: 2KB
  Sample: 220507-f1nhgscae5
  MD5: 36ffc07a4628f819e120490dc20a9a17
  SHA1: ec010b0524cab86c1faa27dc329162800dc1a9c5
  SHA256: eba1a0340775b4b2bb9745173d5dea62994298d756bb1a4b1ec7b6a12646be7b
  SHA512: ce6d77ab5edf89adef4b7dd11bf612a83bd0717075eb7dc6281d0358f3276d2509a88bf77b465b6ce60039b25fc39b95facace9a5dadb57fbd68a41a19732ef2
Static task
  static1

Behavioral tasks
  behavioral1: 2/51e7af4931cfea559a0d19abd4f57547.hta (resource: win7-20220414-en)
  behavioral2: 2/51e7af4931cfea559a0d19abd4f57547.hta (resource: win10v2004-20220414-en)
  behavioral3: 2/6fe64e0e9bc585df185a1378b9bed369.hta (resource: win7-20220414-en)
  behavioral4: 2/6fe64e0e9bc585df185a1378b9bed369.hta (resource: win10v2004-20220414-en)
Malware Config (extracted)
  Family: bitrat
  Version: 1.38
  C2: bitratnew9200.duckdns.org:9200
  communication_password: e10adc3949ba59abbe56e057f20f883e
  tor_process: tor
Targets

Target: 2/51e7af4931cfea559a0d19abd4f57547.hta
  Size: 3KB
  MD5: 51e7af4931cfea559a0d19abd4f57547
  SHA1: cfa2d2e96f2b526beb5d9cf914d6c9a596ee722f
  SHA256: f08e57482a2a97c1c1d0cfe5afe3557566e05a3e787df3cdb8112db6cac51e5f
  SHA512: 92723c9e0ca919faeb839023bbcce94385c64123a5f407f00113996bb761b063b49721ab03bcce9a13148d6419da19609ca37730ba3ded252faee1ad8afab812
  Signatures:
    Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    Blocklisted process makes network request
    Drops file in System32 directory
    Suspicious use of NtSetInformationThreadHideFromDebugger
    Suspicious use of SetThreadContext

Target: 2/6fe64e0e9bc585df185a1378b9bed369.hta
  Size: 3KB
  MD5: 6fe64e0e9bc585df185a1378b9bed369
  SHA1: f827f7af161f25c5637eddfe8ffbf56710d174f0
  SHA256: 30e3fc505ce3b7051c6dcff85c9a8d76e0a8e64f28a74b1b842b6b0eeadab13c
  SHA512: 1edcebbbc39a8b5967ea906d116f5b004c95ac869619a3b069bc2c424fdb89a8efdbe1e4ae70191d5acd082f3cc07fa97feb0ebd57863445577b98e83aec3b05
  Score: 10/10
  Signatures:
    Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    Blocklisted process makes network request
    Drops file in System32 directory