General
- Target: 91eae4dde94e8192a5050abda781916bc08e16c52595a2e97d3b0000ae64a655
- Size: 1.5MB
- Sample: 220817-jfld6sfeb5
- MD5: 45a7d174e1fee169316107638d633985
- SHA1: 0f6bb823d193e4ab8b3ac4facb9c55a0654927f2
- SHA256: 91eae4dde94e8192a5050abda781916bc08e16c52595a2e97d3b0000ae64a655
- SHA512: ac3253f8c40bf7cff08dfda0d01e826ffdb5dcc958aa545e4fc0309b115a533f4b69a00329273516cb6a79eee6d503b56236f9c3d6f5635d626dcd283095c028
- SSDEEP: 24576:XD+M4PdJSqshQrYiD8x8OOAvPNME+cuZd2ZA6eisc/AFIsByBWz:ebSq+p85B9d2XAypBS

Static task: static1
Behavioral task: behavioral1
- Sample: 91eae4dde94e8192a5050abda781916bc08e16c52595a2e97d3b0000ae64a655.exe
- Resource: win7-20220812-en

Malware Config
Extracted: bitrat 1.38
- bitrat9300.duckdns.org:9300
- communication_password: e10adc3949ba59abbe56e057f20f883e
- tor_process: tor

Targets
Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext