General
Target: Billpayment&Invoice.bin
Size: 300.6MB
Sample: 220909-vn5cssgff7
MD5: 5374eb500738e45c6890a80967d780e2
SHA1: b3001e91dbb05c81590f96191a3da3c130e0bace
SHA256: bf6a3ac0316f35f0e8663019709028b9d352c1bf10f8bed23807b40309f5ba60
SHA512: 1442c3f26fe20518c1898602734aac0c8196509009b5fb9d31461a1391078927c1eab870260f675d6b8105110e1147379d856858bd025e15d9fd2c09cca7e152
SSDEEP: 24576:L+GQ7D8nXiNeGFPQKpFCjI/teJb2Q/eF2YlIECXRPbSVKcS2nOI3lqaNJJxEJYsO:L+GaeGtpFC8/mb9ejKulkPaNJo

Static task: static1
Behavioral task: behavioral1
Sample: BILLPAYM.exe
Resource: win7-20220812-en

Malware Config
Extracted
bitrat
1.38
newbithere.duckdns.org:2005
communication_password: 827ccb0eea8a706c4c34a16891f84e7b
tor_process: tor

Targets
Target: BILLPAYM.EXE
Size: 300.0MB
MD5: 41d8a777ddc40a009a046f88900c0b80
SHA1: 25dfd72ffe79eb5884d27fead86f4886bed638de
SHA256: e6844a84f9210b5803147c158c841404331177bf409dab05fecb3b3303d50347
SHA512: e75f3bfc85ed1def013474d61d5ee936ce36f499e0e111a7a1264180b7c7cc0b9a35469c35549e14c5efccc105db509aa5935152aab4e028b038e12b126f4514
SSDEEP: 24576:R+GQ7D8nXiNeGFPQKpFCjI/teJb2Q/eF2YlIECXRPbSVKcS2nOI3lqaNJJxEJYsO:R+GaeGtpFC8/mb9ejKulkPaNJo
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext