General
Target: 15a52de73b3395308f5806176d575c6b.exe
Size: 4.3MB
Sample: 220720-1w7qsaaff8
MD5: 15a52de73b3395308f5806176d575c6b
SHA1: 21ff34e8dcc57c6708655d8a346ce73b5e92d729
SHA256: e1b20a947e37528f38157fd59f0f1fac2b220247c657f6756304026b7e64f814
SHA512: c101177ea3b7b34c17eb07e2ca503165a669f955daea0fd6c3cc7b11b18d90394e51c33831273fe77ed60a27b031de2b764a7d4205653ccb4f87102304b11f52
Static task: static1
Behavioral task: behavioral1
Sample: 15a52de73b3395308f5806176d575c6b.exe
Resource: win7-20220718-en
Malware Config
Extracted family: bitrat
Version: 1.38
C2: queentaline.ddns.net:1117
communication_password: 202cb962ac59075b964b07152d234b70
tor_process: tor
Targets
Target: 15a52de73b3395308f5806176d575c6b.exe (4.3MB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext