General
Target: 3f4db4050dee9f3e8bd5e5582c819cf5.exe
Size: 2.3MB
Sample: 220601-h3sw4afbh2
MD5: 3f4db4050dee9f3e8bd5e5582c819cf5
SHA1: 9791da30a7d8e2370d035d46dc45238daaf79301
SHA256: 8dae589a1806bcf1cf37a85cf9821a25527c4a271d8aba3c9a8f621061766840
SHA512: f748cd3cd36f994977010305c71e6f4eeb611240c7edcb972e29bb7c82c7067715001e492d12975c9e14d38496acb1643e75bb7703f568ab5effe53bd62227dd
Static task: static1
Behavioral task: behavioral1
  Sample: 3f4db4050dee9f3e8bd5e5582c819cf5.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 3f4db4050dee9f3e8bd5e5582c819cf5.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: bitrat
Version: 1.38
C2: 37.0.11.155:4670
communication_password: 31af2433c836721a29f5d8e94b790444
tor_process: tor
Targets
Target: 3f4db4050dee9f3e8bd5e5582c819cf5.exe
Size: 2.3MB
MD5: 3f4db4050dee9f3e8bd5e5582c819cf5
SHA1: 9791da30a7d8e2370d035d46dc45238daaf79301
SHA256: 8dae589a1806bcf1cf37a85cf9821a25527c4a271d8aba3c9a8f621061766840
SHA512: f748cd3cd36f994977010305c71e6f4eeb611240c7edcb972e29bb7c82c7067715001e492d12975c9e14d38496acb1643e75bb7703f568ab5effe53bd62227dd
Score: 10/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext