General
Target: e2a66d3573ce5e66dacf16840feab675adb111081834fc198d42fc6601acd931
Size: 2KB
Sample: 220905-sdh1psaggp
MD5: 94ab1477bfd459b075bcc830f853701c
SHA1: 178d42950a9a0a605ee11476293fc1a7c71dacbd
SHA256: 69533ca8040278fd915f469d1165ae8e78b16c7d32369a715da745a7592e8094
SHA512: 67c334f21e5ca86c0ed4f8236af8df1a694102e644a237d01f192e7d6cfd50d9548de4fb747a9f3d3bb05c9f6deee5da289455494a3f51d8c22fb2bf14ea2f49
Static task: static1
Behavioral task: behavioral1
Sample: e2a66d3573ce5e66dacf16840feab675adb111081834fc198d42fc6601acd931.vbs
Resource: win7-20220812-en
Malware Config
Extracted: https://wtools.io/code/dl/bE0V
Extracted: bitrat
1.38
dfeefrtythg.duckdns.org:1207
communication_password: 81dc9bdb52d04dc20036dbd8313ed055
tor_process: tor
Targets
Target: e2a66d3573ce5e66dacf16840feab675adb111081834fc198d42fc6601acd931
Size: 160KB
MD5: e7eb16683c5e373b8466a0ac1d2a5bd4
SHA1: a286dd06a1cfc628c2be2fa1fd8c8992bc455415
SHA256: e2a66d3573ce5e66dacf16840feab675adb111081834fc198d42fc6601acd931
SHA512: 07ae198a45f0db3d087d6d9cc191536078f16aced919418651fd00f41c38bdf0ac456f4624ace849fc6c01660b7e907a2ab5cac1bca8141cfc28da6b6e316ffd
SSDEEP: 192:n444v444QT44v444444cOggjz44v4144v4K444b44KHVJ4hXFBl/U0zsBy0hfLb3:IoOggj4+gBGU1jt
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext