General
Target: PVKGH03HJWERN.zip
Size: 1.8MB
Sample: 220513-vhy9lahdg7
MD5: 0469938a8c71ef023515811df1cc1bf9
SHA1: 87eb298bd7381f8d88d14128f2f58ab76a9601ea
SHA256: d960c97a693f3b7c934ff2666bfd0de1db6c901820b01a8fb988a3ee8b4b3965
SHA512: cb816e982325b0f4aaf7c9fcc0a07cd02ec751929a47cd9d7e5926171a6d98c514e9b9fc11b550283e703390504ad43a111cb9984d31ab410a6166aeb05b8ebd
Static task: static1
Behavioral task: behavioral1
Sample: PVKGH03HJWERN.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: bitrat
Version: 1.38
C2: bitr8637.duckdns.org:5021
communication_password: 81dc9bdb52d04dc20036dbd8313ed055
tor_process: tor
Targets
Target: PVKGH03HJWERN.exe
Size: 300.0MB
MD5: 244cc80b5232c9525f0a0e907ffec5f1
SHA1: 4502126f0aaba2132d6bf3f4783413d822a0ef35
SHA256: 8039afdf227e58a893ad6598eefd323a2a57e4d4dac4095324735cf78d46d6ba
SHA512: 2a8cb4e2c611e97656c127bbd47771462272d6fa16a5dfa985a000427a0fcfba015d709e8ea9a2f5e8c47831ca6eef30db9928a636d99d0128935ba8a44b4984

Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext