General
-
Target
Factura_Cancelada #9665.exe
-
Size
2.5MB
-
Sample
230430-j9pzfsah3y
-
MD5
1364bf7f610d63e3acae29a01fa7fc42
-
SHA1
d172088d17333c8547c887776bb202612a99cdf3
-
SHA256
c6cc299e6844352e287014b48ab1d2ee4963e3c19c2c108404344e0c02a204f4
-
SHA512
6af13f82dc2701d889ca402d25f20a1fdc564ade14fb00a57cbe4045bf509a9350decea951a6737a94a1d45a4c22786a6c8720d99f40e028eff9ff55cffbe65e
-
SSDEEP
24576:L1bMBO5V78tQYqSb8mvc68VQhQ1pMj0DRq+5xHsWVBYIpf8FVpE4mlTFXv/+XmJX:LbVOO16wDRN5DKBtBmzXMZhqkX9S
Static task
static1
Behavioral task
behavioral1
Sample
Factura_Cancelada #9665.exe
Resource
win7-20230220-en
Malware Config
Extracted
bandook
gombos.ru
Targets
-
-
Target
Factura_Cancelada #9665.exe
-
Bandook payload
-
Suspicious use of SetThreadContext
-