General
Target: Cancelar Factura.exe
Size: 2.9MB
Sample: 230430-j75bcsag91
MD5: 5c3cb19563848d0bee7238a6bf55abc9
SHA1: 766737ca6149bcd018ef7cfce49b3b90fe0325d9
SHA256: c1c7a5fe3203fe7ecd6b4581a12f85803174d5e2b8df2e98cccb8a5d740b1d36
SHA512: bbf31136b59edfc1c630a96e348a20d7f494e999534e19aea565ca9c2f074f27be8bac27ccf07165c5f025daa955741a131424250a543d83e6e46fed2af44341
SSDEEP: 49152:Ofc6jhQyaOKBcZt7MUt0dfwwWC1R9Jbl8/u5K:O062yaOt
Static task: static1
Behavioral task: behavioral1
Sample: Cancelar Factura.exe
Resource: win7-20230220-en
Malware Config
Extracted
bandook
bomes.ru
Targets
Target: Cancelar Factura.exe
- Bandook payload
- Suspicious use of SetThreadContext