General
Target: 7626356148.zip
Size: 1.5MB
Sample: 220621-tz5x2aabd9
MD5: 95a4755e4c0da8d68871013d4cfd4f27
SHA1: a4c2606ed8e316e1f95a5f995df9fd0312de8490
SHA256: e0f298edfbcb95ec248fb23a3eefb54886e882371e0f28abfabaf1e00e73b9ef
SHA512: 06d4b9cc76fa187ff2f2fae9f378d74be39c0ff4bee0d660eeec3a249f7ad370a427826a0c73486430c48f44dc86f55a61997773c0138e859bf0d2e994f38950
Static task: static1
Behavioral task: behavioral1
Sample: VAMSKIDH_INVOICE.exe
Resource: win7-20220414-en
Malware Config
Extracted
bitrat
1.38
bitrat9400.duckdns.org:9400
communication_password: e10adc3949ba59abbe56e057f20f883e
tor_process: tor
Targets
Target: VAMSKIDH_INVOICE.exe
Size: 200.0MB
MD5: cf46eb85c503955b25cb4b2ab6051357
SHA1: dcfc790d0c190ba754e97d86ee9b9fad6e2ae079
SHA256: a19a136b09c11bb722d6aec359d0cd517a38c87b9f34ec82ed6c4adf6884b41f
SHA512: 3ce4f1acddd9a9b0db87b93c8af2b0df21f36b58fb47bb053c5ec1782b7bea7e161016f8bc3ba3388db7511ec146a26ceba894c4032b7e79708a3a5280ddd1b2
Executes dropped EXE
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext