General
- Target: ANANOHYJ-PAYMENT-RECEIPT.exe
- Size: 300.0MB
- Sample: 220729-xh8jdacbb8
- MD5: dba3209d9c78a3bf216ba69f483af62c
- SHA1: 68b017f099f31c1e631283007cfa25513d2ae924
- SHA256: e2ada17298bdb93977b0f7c57907bc7077437c43b813d8ba3e81f2e93b3bec5d
- SHA512: 42b5d35c9d0f43ce2e438bda6e686b57ec906ab2588ed0f5862948134e73c8e1649d1f895d46dcea58147523861ac1faa7669fb4c0b7d3d30586bbf07ad82ef7

Static task
- static1

Behavioral task
- behavioral1
  - Sample: ANANOHYJ-PAYMENT-RECEIPT.exe
  - Resource: win7-20220718-en

Behavioral task
- behavioral2
  - Sample: ANANOHYJ-PAYMENT-RECEIPT.exe
  - Resource: win10v2004-20220721-en

Malware Config
Extracted
- bitrat
- 1.38
- bitrat9300.duckdns.org:9300
- communication_password: e10adc3949ba59abbe56e057f20f883e
- tor_process: tor
Targets
- Target: ANANOHYJ-PAYMENT-RECEIPT.exe
- Signatures:
  - Executes dropped EXE
  - Uses the VBS compiler for execution
  - Drops file in System32 directory
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext