General
- Target: wdfvbn.exe
- Size: 289.4MB
- Sample: 220729-yg3geadcdp
- MD5: 566135e9a517a204c2e8fb2f7332ecdc
- SHA1: 4cde0ea64922233cafe2eba489a79d67222e2022
- SHA256: 1b3da7f55427827f44cafce5301508fb6e2806c387e5044479778c8dde87624a
- SHA512: 9caf700b65d48617e6df09f2754a212c0c90908695b9be0aa33c2e7640e0529d20a91b51eab6dd3a775a51b63f281dfd358afe271b1781cf16165bc24cb1bdfe
Static task: static1
Behavioral task: behavioral1
- Sample: wdfvbn.exe
- Resource: win7-20220715-en
Behavioral task: behavioral2
- Sample: wdfvbn.exe
- Resource: win10v2004-20220721-en
Malware Config
Extracted: bitrat 1.38, bitrat9300.duckdns.org:9300
- communication_password: e10adc3949ba59abbe56e057f20f883e
- tor_process: tor
Targets
- Target: wdfvbn.exe
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext