General
Target: Order-801273.exe
Size: 400.0MB
Sample: 220518-nq1dashcc4
MD5: c9a9d18ead3057717c60eefeaf011ba4
SHA1: af5ba38e123ca5978463f94941c9713cf62d7829
SHA256: 3ebc4d88afd107563375136bce533101692f2fd8dbe38ee57bc192c8ff58168b
SHA512: 4599d8710065d5a6ec36e6112bc45955bd3fd9131d215d7a9e34bac880661c5c3d51694f78e85bd578747e0bcffd531a2f77351e1aebec5cebbeabdd67f0daa9
Static task: static1
Behavioral task: behavioral1
Sample: Order-801273.exe
Resource: win7-20220414-en
Malware Config
Extracted
bitrat
1.38
kot-pandora.duckdns.org:24993
communication_password: d6723e7cd6735df68d1ce4c704c29a04
tor_process: tor
Targets
Target: Order-801273.exe
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext