General
Target: AMNSUJAH-PAYMENT-RECEIPT.iso
Size: 301.9MB
Sample: 220729-t27veabce7
MD5: fd5dd95ad2c95d9501b03929f4b6dbc4
SHA1: fc4c2bb05a61c9de5e1d51c468c1c449599b95fa
SHA256: d3129117f572c8e22ec58e98bc686859d64113e2d95bba6cd589fc1e9951e8c2
SHA512: f60f65e2356a0b9fb2b6639fa3ff6a58ed125edfba26c52cad39fb4304b60c1a10dc9a920d57bf402d2a4d8d2a08478ac384ca6b53a35011a0eb14e96e403fa8
Static task: static1
Behavioral task: behavioral1
  Sample: ANMSHYJ-PAYMENT-RECEIPT.exe
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: ANMSHYJ-PAYMENT-RECEIPT.exe
  Resource: win10v2004-20220721-en
Malware Config
Extracted: bitrat 1.38
bitrat9300.duckdns.org:9300
communication_password: e10adc3949ba59abbe56e057f20f883e
tor_process: tor
Targets
Target: ANMSHYJ-PAYMENT-RECEIPT.exe
Size: 301.8MB
MD5: a1b0f15861a9c64387b0924e82dfc33e
SHA1: 66fe15a278acef5021ec91726bee6736bdc71c18
SHA256: 3589091389cbe739f503458a707eba26b87bfd7aa2cf8e1cebb664f19016f68f
SHA512: eab604bab847dc6982d5b04423e7a7295256e8782ef29abf1a08ef1d78dafaab73dcf0327cab9735d78c41e481899be366777685dda9b152a99f3594ace77b06
Score: 10/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext