General
Target: INVOICEXls223.exe
Size: 6.4MB
Sample: 230214-hw3sqabe75
MD5: 29f24671b31ec4849ec02229d8bea0b2
SHA1: bba17ef1c4c0b02c6f4fc076a6035e86430c21e6
SHA256: 08cfe144396f7fc7aaf3a47e86826d439502e4e80e6a9043bcb026ae2f1e845a
SHA512: da78442a44a912e871a654b6f02c5331e5ed7296c712d14ff7ec8c4e360dd92b33ebcf8d2975c3576093318d70d1f7c59f6047a1eedacb7f246758c19fb7527d
SSDEEP: 49152:RI+dckN2zRMPlPot7kTg0AMv54vzp82GjPKa6:RI+dc
Static task: static1
Behavioral task: behavioral1
Sample: INVOICEXls223.exe
Resource: win7-20220812-en
Malware Config
Extracted
bitrat
1.38
celesperial.ddns.net:5200
communication_password: 81dc9bdb52d04dc20036dbd8313ed055
tor_process: tor
Targets
Target: INVOICEXls223.exe
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-