General

Target: 1cd30f9b6de43c81f5b891833cd22d0d.exe
Size: 3.3MB
Sample: 220513-rszrbsgea8
MD5: 1cd30f9b6de43c81f5b891833cd22d0d
SHA1: e6cadd792590770e30781ca35ea4e5232114ca5f
SHA256: afee0b3d9b0d5b49066b1c30caa599cfda93d070170ef5e30d33e534cb185eb2
SHA512: 7aa03c588c44a76826260fb2ddd703d922bed05c8ff45bae644c4f56574b83f7b3326389b15db8eff1a1c8f074d6f9303ecd7cb2951dcff4ee7371f07fd3b7fb
Static task: static1

Behavioral task: behavioral1
Sample: 1cd30f9b6de43c81f5b891833cd22d0d.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 1cd30f9b6de43c81f5b891833cd22d0d.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted family: bitrat
Version: 1.38
C2: 37.0.11.155:4670
communication_password: 31af2433c836721a29f5d8e94b790444
tor_process: tor
Targets

Target: 1cd30f9b6de43c81f5b891833cd22d0d.exe
Size: 3.3MB
Score: 10/10

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application (persistence via the registry Run key).
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: hides the calling thread from an attached debugger).
- Suspicious use of SetThreadContext (commonly seen in process injection, where the main thread of a target process is redirected to injected code).
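The extracted config (C2 host:port) and the Run-key persistence signature above are the two pieces of this report a responder would turn into detection content. The script below is an added example, not part of the report or of any sandbox tooling: it matches the report's C2 address against a constructed Zeek-style connection log and flags Run-key writes in constructed Sysmon-style events, raising confidence when the writer is the known sample (identified by the hashes the report lists). The log lines, event records, file paths and the SID in the registry path are all constructed for illustration.

```python
import re

# Values copied from the report above (extracted BitRAT config and sample hashes).
BITRAT_CONFIG = {
    "family": "bitrat",
    "version": "1.38",
    "c2": "37.0.11.155:4670",
    "communication_password": "31af2433c836721a29f5d8e94b790444",
    "tor_process": "tor",
}
SAMPLE_HASHES = {
    "MD5": "1cd30f9b6de43c81f5b891833cd22d0d",
    "SHA1": "e6cadd792590770e30781ca35ea4e5232114ca5f",
    "SHA256": "afee0b3d9b0d5b49066b1c30caa599cfda93d070170ef5e30d33e534cb185eb2",
}


def parse_c2(c2: str):
    """Split 'host:port' into (host, int port); the report lists a bare IPv4 address."""
    host, port = c2.rsplit(":", 1)
    return host, int(port)


# Constructed connection log (Zeek conn.log-like, whitespace separated):
# ts  src  sport  dst  dport  proto
CONN_LOG = """\
1652450000.1 10.0.0.15 49812 37.0.11.155 4670 tcp
1652450001.7 10.0.0.15 49813 142.250.74.46 443 tcp
1652450003.2 10.0.0.22 51000 37.0.11.155 4670 tcp
1652450004.0 10.0.0.22 51001 37.0.11.155 80 tcp
"""


def match_c2_connections(conn_log: str, c2: str):
    """Return the connections whose destination is exactly the configured C2 host and port.
    A connection to the same host on another port is deliberately not matched here."""
    host, port = parse_c2(c2)
    hits = []
    for line in conn_log.splitlines():
        if not line.strip():
            continue
        ts, src, _sport, dst, dport, _proto = line.split()
        if dst == host and int(dport) == port:
            hits.append({"ts": float(ts), "src": src, "dst": dst, "dport": int(dport)})
    return hits


# Constructed Sysmon-style events: Event ID 1 (process create) carries a Hashes field,
# Event ID 13 (registry value set) carries TargetObject/Details.
SYSMON_EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Users\victim\Downloads\1cd30f9b6de43c81f5b891833cd22d0d.exe",
     "Hashes": "SHA1=E6CADD792590770E30781CA35EA4E5232114CA5F,"
               "MD5=1CD30F9B6DE43C81F5B891833CD22D0D,"
               "SHA256=AFEE0B3D9B0D5B49066B1C30CAA599CFDA93D070170EF5E30D33E534CB185EB2"},
    {"EventID": 13,
     "Image": r"C:\Users\victim\Downloads\1cd30f9b6de43c81f5b891833cd22d0d.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"EventID": 13,
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Vendor\App\Version",
     "Details": "1.2.3"},
]

# Matches values written under ...\CurrentVersion\Run or ...\CurrentVersion\RunOnce.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def parse_sysmon_hashes(field: str) -> dict:
    """Parse Sysmon's 'ALG=hex,ALG=hex' Hashes field into {ALG: lowercase hex}."""
    out = {}
    for item in field.split(","):
        if "=" in item:
            alg, value = item.split("=", 1)
            out[alg.strip().upper()] = value.strip().lower()
    return out


def matches_sample(hashes: dict) -> bool:
    """True if the event's hash agrees with the report for any algorithm the report lists."""
    return any(hashes.get(alg) == val for alg, val in SAMPLE_HASHES.items())


def scan_sysmon(events):
    """Flag the known sample starting and any Run-key write; a Run-key write made by an
    image already identified as the sample is reported with high confidence."""
    findings = []
    known_images = set()
    for ev in events:
        if ev["EventID"] == 1 and matches_sample(parse_sysmon_hashes(ev.get("Hashes", ""))):
            known_images.add(ev["Image"].lower())
            findings.append({"rule": "known_bitrat_sample_started", "image": ev["Image"]})
        elif ev["EventID"] == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            findings.append({
                "rule": "run_key_persistence",
                "confidence": "high" if ev["Image"].lower() in known_images else "medium",
                "value": ev["TargetObject"],
                "command": ev.get("Details", ""),
            })
    return findings


if __name__ == "__main__":
    for hit in match_c2_connections(CONN_LOG, BITRAT_CONFIG["c2"]):
        print("C2 connection:", hit)
    for finding in scan_sysmon(SYSMON_EVENTS):
        print("Host finding:", finding)
```

The C2 match is kept to the exact host and port from the config because the report only attests that pair; widening it to the bare IP is a tuning decision, not something the report supports. The communication_password is not used as a network indicator here, since BitRAT traffic is encrypted and the value would not appear on the wire in the clear.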