General
-
Target
tmpbg_av_60
-
Size
1.7MB
-
Sample
220728-r8m3gahbhm
-
MD5
fad1b418110d37814930646d24ab4239
-
SHA1
f39606e98088b8e3e6d3707954c53385caf7f88a
-
SHA256
23f0dcf06d4c4a7354f3e7f013022ed26afa823556e444054c1b0b4aec0bce78
-
SHA512
d8c147683a4728383e80565ce538a0f12ad3191928158c33a65dfd6896e9ac33c58715fb199a88341ee206c6b85d18e7325d55616ebbbcc3c691c0f7f1344b97
Static task
static1
Behavioral task
behavioral1
Sample
tmpbg_av_60.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
tmpbg_av_60.exe
Resource
win10v2004-20220722-en
Malware Config
Extracted
bitrat
1.38
kot-pandora.duckdns.org:24993
-
communication_password
d6723e7cd6735df68d1ce4c704c29a04
-
tor_process
tor
Targets
-
-
Target
tmpbg_av_60
-
Executes dropped EXE
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-