General
Target: 251e5b6f2b31c12ba7faf8e3f1a3b70d0988dcc66cfc9d52303c22a8077687b3
Size: 1.6MB
Sample: 220611-yvyqdaefcm
MD5: 2592b6379d2dbfa49e3ed25edf864692
SHA1: aae1e5f8af598b3ca227c3311bdda7c4057b8b33
SHA256: 251e5b6f2b31c12ba7faf8e3f1a3b70d0988dcc66cfc9d52303c22a8077687b3
SHA512: 225115fee22cca1dd502fee70937e10ccda5c8869448a2e40c9e5bfb90398e7ed90e2fe30412ec01d0d108ddc5ee9094c93f7248725023205c0e00ef72f4be8c
Tasks
Static task: static1
Behavioral task: behavioral1
    Sample: 251e5b6f2b31c12ba7faf8e3f1a3b70d0988dcc66cfc9d52303c22a8077687b3.exe
    Resource: win7-20220414-en
Behavioral task: behavioral2
    Sample: 251e5b6f2b31c12ba7faf8e3f1a3b70d0988dcc66cfc9d52303c22a8077687b3.exe
    Resource: win10v2004-20220414-en
Malware Config
Extracted from (identical configuration in each file):
    C:\README1.txt
    C:\README2.txt
    C:\README3.txt
    C:\README4.txt
    C:\README5.txt
    C:\README6.txt
    C:\README7.txt
    C:\README8.txt
    C:\README9.txt
    C:\README10.txt
Email: pilotpilot088@gmail.com
URLs:
    http://cryptsen7fo43rr6.onion/
    http://cryptsen7fo43rr6.onion.to/
    http://cryptsen7fo43rr6.onion.cab/
Targets
Target: 251e5b6f2b31c12ba7faf8e3f1a3b70d0988dcc66cfc9d52303c22a8077687b3
Size: 1.6MB
MD5: 2592b6379d2dbfa49e3ed25edf864692
SHA1: aae1e5f8af598b3ca227c3311bdda7c4057b8b33
SHA256: 251e5b6f2b31c12ba7faf8e3f1a3b70d0988dcc66cfc9d52303c22a8077687b3
SHA512: 225115fee22cca1dd502fee70937e10ccda5c8869448a2e40c9e5bfb90398e7ed90e2fe30412ec01d0d108ddc5ee9094c93f7248725023205c0e00ef72f4be8c
Score: 10/10

Signatures
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext