General
- Target: oka.exe
- Size: 1.7MB
- Sample: 220809-kj3nashee6
- MD5: 09cf009d15f845497667171a11a51fd3
- SHA1: c45fdc8dacdf6901e81185ff684d3deda57af6e7
- SHA256: d3ddf40b5133634e7b56f9532035264723ac3006442f82f1af013c88f581ad22
- SHA512: 75424b3572e63f8eb19b6c8cbc5c987354f7db8bb4d32e8f3a5c74fee8144b8ec717bc4422ac090b2763b5e10917927c7a8c136e23832a7362646b33a9c903c0
Static task: static1
Behavioral task: behavioral1
Sample: oka.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: oka.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
bitrat
1.38
yakbitpeople.duckdns.org:9175
- communication_password: 827ccb0eea8a706c4c34a16891f84e7b
- tor_process: tor
Targets
- Target: oka.exe
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext