General
Target: TODAY PAYMENT.zip
Size: 1.8MB
Sample: 220627-wdevtscfbq
MD5: f5158c2e0fcada41efb90647a56be12e
SHA1: 6ded28917e702c8ae74181dc22b99e701571bc5a
SHA256: 68599aed1a59ea181bd317a0ac5ec38b57c2537c4ef3ef606708576bf87036c7
SHA512: d8adbe26fede56535856c7c380fccab1c44abc9bb037db801910f943fa3f68927bf069ba458fea93e4befcc86629b9e7bfac37f7236f181aa9b008bb80809a7e
Static task: static1
Behavioral task: behavioral1
Sample: vnhgf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: vnhgf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
bitrat
1.38
bitrat9400.duckdns.org:9400
communication_password: e10adc3949ba59abbe56e057f20f883e
tor_process: tor
Targets
Target: vnhgf.exe
Size: 300.0MB
MD5: a5335343971e56e6ff268dcfe8774ae9
SHA1: 25c8a25b5c1dd7913e4447dd15056afd52d95c4a
SHA256: 1a66d08dd756f9fe6f3e936fb3b7c245d46b267c2512c997df86030e9d634734
SHA512: 8ef2c8eff3ea1c26fd5c202aaad0fb6e6c2f895b791e47422aa7a34b879633d531d43328767b82df977ad53528d21359897f701c0e8d1018ca935c353aa91ca4
Executes dropped EXE
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext