General
Target: 78443d6d279ce1801d0873dc2e30ea6adb4bb4f2e62e2413c8d3e50a1f371199
Size: 1.1MB
Sample: 220731-f2aysaade9
MD5: a7c9f8f4023766dd97fd19d0fc8f9e5f
SHA1: c5b618d060a8651f150d9df59057b7d23947f1e2
SHA256: 78443d6d279ce1801d0873dc2e30ea6adb4bb4f2e62e2413c8d3e50a1f371199
SHA512: 9c34dcdb7d6acf87655ea696672b32999d42f64f2555c5e6ad0f66c4fbc566b3b1ff86e37dd4368b76f7e74831a453560becf052e19ad4c65fdd96a0435dfce4
Behavioral task: behavioral1
Sample: 78443d6d279ce1801d0873dc2e30ea6adb4bb4f2e62e2413c8d3e50a1f371199.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 78443d6d279ce1801d0873dc2e30ea6adb4bb4f2e62e2413c8d3e50a1f371199.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted from C:\README1.txt, C:\README2.txt, C:\README3.txt, C:\README4.txt, C:\README5.txt, C:\README6.txt, C:\README7.txt, C:\README8.txt, C:\README9.txt and C:\README10.txt (identical contents in each):
pilotpilot088@gmail.com
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Targets
Target: 78443d6d279ce1801d0873dc2e30ea6adb4bb4f2e62e2413c8d3e50a1f371199
Size: 1.1MB
MD5: a7c9f8f4023766dd97fd19d0fc8f9e5f
SHA1: c5b618d060a8651f150d9df59057b7d23947f1e2
SHA256: 78443d6d279ce1801d0873dc2e30ea6adb4bb4f2e62e2413c8d3e50a1f371199
SHA512: 9c34dcdb7d6acf87655ea696672b32999d42f64f2555c5e6ad0f66c4fbc566b3b1ff86e37dd4368b76f7e74831a453560becf052e19ad4c65fdd96a0435dfce4
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.