General
Target: ZMANHSYTGDH.exe
Size: 300.0MB
Sample: 220812-tjnzksheb5
MD5: a730bb7884d349d1ddc845d21836b94c
SHA1: fd6594a90a24130f8888fcf626450dd7d2aaaead
SHA256: 56d029f38edfb1aee407aa0fdff20a61e61707324dc2119049b941a1951a7d32
SHA512: b19fbd1bae8d92336848bdfad4f27806637d71258b61cccda6413c1f350e90f00134b8c55c25813dd742557202e258bb1cbb43b46fc1feb1f1a7d96e816c6504

Static task: static1
Behavioral task: behavioral1
Sample: ZMANHSYTGDH.exe
Resource: win7-20220812-en

Malware Config
Extracted: bitrat 1.38
C2: bitrat9300.duckdns.org:9300
communication_password: e10adc3949ba59abbe56e057f20f883e
tor_process: tor

Targets
Target: ZMANHSYTGDH.exe
Size: 300.0MB
(MD5, SHA1, SHA256 and SHA512 are the same as listed under General.)

Behavioral signatures:
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext