General
Target: 2f0406b56f511aa19d5e9e896e4e86e33768550784b2c97a6bef65b1b60eba6a
Size: 1.2MB
Sample: 220622-amk8baffgr
MD5: 4d8e51aef3a20a478ed61982b3a366b2
SHA1: 2d583524130646bc9a689e537fcbe06f04da7f36
SHA256: 2f0406b56f511aa19d5e9e896e4e86e33768550784b2c97a6bef65b1b60eba6a
SHA512: fa40ba4ec2cc1f7c79ae09a224436d587e6cc83119bb9e7668ffc1b6e94fe0c0916ec5f22a6a6eccdd845d2450649997bf630cb3e371030107560823726781c4
Static task: static1
Behavioral task: behavioral1
  Sample: 2f0406b56f511aa19d5e9e896e4e86e33768550784b2c97a6bef65b1b60eba6a.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 2f0406b56f511aa19d5e9e896e4e86e33768550784b2c97a6bef65b1b60eba6a.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted from C:\README1.txt, C:\README2.txt, C:\README3.txt, C:\README4.txt, C:\README5.txt, C:\README6.txt, C:\README7.txt, C:\README8.txt, C:\README9.txt and C:\README10.txt (the same configuration was extracted from each):
pilotpilot088@gmail.com
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Targets
Target: 2f0406b56f511aa19d5e9e896e4e86e33768550784b2c97a6bef65b1b60eba6a
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.