General
Target: 5f1ab238cfe95a4038013b537c4a898e.exe
Size: 4.8MB
Sample: 220830-rxmybsbhd7
MD5: 5f1ab238cfe95a4038013b537c4a898e
SHA1: 49b8d02da8c6f4b0e96824d5634b0acd759b5ed9
SHA256: 935195b8b2fc62b32c1fe86d02ce9cf5f97dd367ba476d72a5b49bf0953f4df2
SHA512: 9043224693c125bbb30722e398e2b0fc79cd53132fb4407d3266c2bd5fa1aebe834bba629febc260dc58085595e5855e0917c700adcd3df54e2db7aca66ade38
SSDEEP: 98304:f/o8tOZ/mQUM4UIhvmrilz7avIfkmLZEuB+rz1nLY:n3tih4Nhe0ewPBE1n
Static task: static1

Behavioral task: behavioral1
Sample: 5f1ab238cfe95a4038013b537c4a898e.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 5f1ab238cfe95a4038013b537c4a898e.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted family: bitrat
Version: 1.38
C2: moneymaker.con-ip.com:3005
communication_password: 202cb962ac59075b964b07152d234b70
tor_process: tor
Targets
Target: 5f1ab238cfe95a4038013b537c4a898e.exe
Size: 4.8MB
MD5: 5f1ab238cfe95a4038013b537c4a898e
SHA1: 49b8d02da8c6f4b0e96824d5634b0acd759b5ed9
SHA256: 935195b8b2fc62b32c1fe86d02ce9cf5f97dd367ba476d72a5b49bf0953f4df2
SHA512: 9043224693c125bbb30722e398e2b0fc79cd53132fb4407d3266c2bd5fa1aebe834bba629febc260dc58085595e5855e0917c700adcd3df54e2db7aca66ade38
SSDEEP: 98304:f/o8tOZ/mQUM4UIhvmrilz7avIfkmLZEuB+rz1nLY:n3tih4Nhe0ewPBE1n
Score: 10/10

Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThread (HideFromDebugger)
- Suspicious use of SetThreadContext