General
Target: invoice.exe
Size: 16KB
Sample: 220810-nc5e4abch7
MD5: aa1d9a07e0bd53a161cb35168bb1bb31
SHA1: f4503fd5b9d8b23c02bff1abd23fb17ce341f907
SHA256: 08ad11bae99deab8e128dfea4c85f8bb46124f32a7cfae956c1b650e94f005fa
SHA512: 1185abec300c865b7f167f583b5b2ea62b7860ad9da58d0b0779a754ea9fc783a8c49d6592e345c7840ad773936a14d9ced6e39651eeaecf3271d5acd9b36049
Static task: static1
Behavioral task: behavioral1
Sample: invoice.exe
Resource: win7-20220718-en
Malware Config
Extracted
bitrat
1.38
eichelberger.duckdns.org:7744
communication_password: 2eb6e59fac395f7cb5a7b52ea31fa9f2
tor_process: tor
Targets
Target: invoice.exe
- Downloads MZ/PE file
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext