General
- Target: 8645_30_321_PDF.exe
- Size: 300.0MB
- Sample: 221103-vshdtsfbbp
- MD5: b77a44c24d6afbeec6bf3fc7a89eef38
- SHA1: 9c956f05e4d77353c9da0fa34ce83b9603458b68
- SHA256: 03fecf2c72e71174940f6b7b31887155ce0f92e3af5f95ed323af83b1ca9814f
- SHA512: b9d70c2dd353f6ffcb5e1442d4c93c4afb0c3d762c718b97d87a4b2726e93992f7ad3c046d778b3823bfd289ad1d26e56228838fd8f86425298e96acdfc079c9
- SSDEEP: 49152:65yqSeXRXNTeuzSMGSQvGMQGWcR4XkKodV9SMAOeZWjUvJ2GR6bcRhOPD5U6:65yqlXRXteg54GEdCPLOt4B2K6br5
Static task: static1
Behavioral task: behavioral1
  Sample: 8645_30_321_PDF.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 8645_30_321_PDF.exe
  Resource: win10-20220812-en
Behavioral task: behavioral3
  Sample: 8645_30_321_PDF.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
bitrat
1.38
bit9090.duckdns.org:9090
bitone9090.duckdns.org:9090
- communication_password: e10adc3949ba59abbe56e057f20f883e
- tor_process: tor
Targets
- Target: 8645_30_321_PDF.exe
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext