General
Target: ESPECTIVAMENTE ANEXOMOS SU BOLETA DE CITACION.exe
Size: 371KB
Sample: 220603-tskzaaffbk
MD5: 9f495470fa07e7c507648a7e4b1a6782
SHA1: 844ec7af5261f2e4cbeef7ef7fe767673764bec4
SHA256: 57729955749eded12d1f59824756b2f2e6aeaaf38774bc63799a96df67f02f6d
SHA512: 3c493241a8f39b41c45b9bf091a97b4f8dde4910c36c8963b546233ae7f3d0e84a295e4671b8182495bbffab312d76f1c9448e8be3d0ef3d6723c88318b226be

Static task
static1

Behavioral task
behavioral1
Sample: ESPECTIVAMENTE ANEXOMOS SU BOLETA DE CITACION.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: ESPECTIVAMENTE ANEXOMOS SU BOLETA DE CITACION.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted
bitrat 1.38
reyhrwwet4y.duckdns.org:1880
communication_password: 202cb962ac59075b964b07152d234b70
tor_process: tor

Targets
Target: ESPECTIVAMENTE ANEXOMOS SU BOLETA DE CITACION.exe
Size: 371KB
MD5: 9f495470fa07e7c507648a7e4b1a6782
SHA1: 844ec7af5261f2e4cbeef7ef7fe767673764bec4
SHA256: 57729955749eded12d1f59824756b2f2e6aeaaf38774bc63799a96df67f02f6d
SHA512: 3c493241a8f39b41c45b9bf091a97b4f8dde4910c36c8963b546233ae7f3d0e84a295e4671b8182495bbffab312d76f1c9448e8be3d0ef3d6723c88318b226be
Score: 10/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext