General
Target: No. 084846841890405108198901510854.exe
Size: 4.3MB
Sample: 220831-hkz8fsadel
MD5: bb92db09f340086e56d2d52b92433cfa
SHA1: ffa73080e2df83527da723abb87e578058e480c1
SHA256: bf52209b7528e1583f14e3fb84ef1488a704c996473881c7aae10ecc4568b49c
SHA512: 4d17643d08f27bfab083d15db6b5dbb88d07b436048001acbdb4e1c0a8c1a35e286aa9b8c88acb3984dca1c66bed5e4813ad77552ac8c551cfea85d03c79c04e
SSDEEP: 98304:w2lzWEp7GWq47aDMn8MbSopmt0+UhIYCun7P+OKtkPd1B:tlCERGN4WMnhbSopmuIsn7PN
Static task: static1
Behavioral task: behavioral1
  Sample: No. 084846841890405108198901510854.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: No. 084846841890405108198901510854.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: bitrat
Version: 1.38
C2: bendito.con-ip.com:3005
communication_password: 202cb962ac59075b964b07152d234b70
tor_process: tor
Targets
Target: No. 084846841890405108198901510854.exe
Score: 10/10
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext