General
Target: 6caf87f3ac2674c815b4019425cce43b
Size: 12KB
Sample: 220811-xrxhgabbel
MD5: 6caf87f3ac2674c815b4019425cce43b
SHA1: 9274907a4cc5d874b3cc28909fe5a83ff8a8cc11
SHA256: 3c899c73d5ea50974caaecffad5ff67922cfea4d233ac0f4a0b24814bdb76ab8
SHA512: e6d348f73dfec3819befae0e7c2a3d3ed2e47bed89dc0086554ea4585af3f8007c16e35d1329a6d86f991fa4bb016b4632ca2d58ee2e9f1ebf78abdb807f8de1
Static task: static1
Behavioral task: behavioral1
Sample: invoice.exe
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: invoice.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
bitrat
1.38
eichelberger.duckdns.org:7744
communication_password: 2eb6e59fac395f7cb5a7b52ea31fa9f2
tor_process: tor
Targets
Target: invoice.exe
Size: 16KB
MD5: aa1d9a07e0bd53a161cb35168bb1bb31
SHA1: f4503fd5b9d8b23c02bff1abd23fb17ce341f907
SHA256: 08ad11bae99deab8e128dfea4c85f8bb46124f32a7cfae956c1b650e94f005fa
SHA512: 1185abec300c865b7f167f583b5b2ea62b7860ad9da58d0b0779a754ea9fc783a8c49d6592e345c7840ad773936a14d9ced6e39651eeaecf3271d5acd9b36049
Downloads MZ/PE file
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext