General
-
Target
20a053a28982e502041fb64ba6a319f1.exe
-
Size
2.3MB
-
Sample
221102-t4ampaace5
-
MD5
20a053a28982e502041fb64ba6a319f1
-
SHA1
7ab21c182aa8524d646270c80a76b3a31eb58cec
-
SHA256
420f4f14345ae55e3c59ecc653718f4633c6ba031efb2d985a2a7ca435f1eed4
-
SHA512
cc8b2fd59eb67bafa08cd8591125182f725b65f3ed583e253776fe1a9cabd047b490bf440bd76b7de2daefd3bac3feadb5ed06de9aa9f3ebdf1a2925831c0e45
-
SSDEEP
49152:gGob3H1M9GGWN1zsCMCj+Z5sZwCEARHQnYsk5lqVKdmwzm0p:gGWq9GGm1I1A+Z5UHWHIlSKUwzFp
Static task
static1
Behavioral task
behavioral1
Sample
20a053a28982e502041fb64ba6a319f1.exe
Resource
win7-20220812-en
Malware Config
Extracted
bitrat
1.38
101.99.94.203:1234
-
communication_password
e10adc3949ba59abbe56e057f20f883e
-
tor_process
tor
Targets
Target
20a053a28982e502041fb64ba6a319f1.exe
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-