General
-
Target
time.exe
-
Size
7.8MB
-
Sample
230826-zsw97sfa8y
-
MD5
03b9dd8b1e16ad5c2a605ad6b18493a7
-
SHA1
725f4473d8e09a8a9fcad2e8900dfb74623d4f18
-
SHA256
06f5ae2998205719e3541415641a8afc2f5d6877b50c860df066e0e95c7ed3f3
-
SHA512
8c5c077bd7575483b3601221b77e5b49b9acb7181fe73173dd5879cd19b6d517b5f2454390884ea87490da72cb2e37b5d476132f96415a68b209ce740c7b1c4f
-
SSDEEP
196608:LIRcbH4jSteTGvwxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:LdHsfuwxwZ6v1CPwDv3uFteg2EeJUO9E
Behavioral task
behavioral1
Sample
time.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
time.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
bitrat
1.38
tcki6mrrcnrt33qy52viv7m64y6hepkv646nnzglrkbgytyt6b2hdrid.onion:80
-
communication_password
827ccb0eea8a706c4c34a16891f84e7b
-
tor_process
dllhost
Targets
-
-
Target
time.exe
-
Size
7.8MB
-
MD5
03b9dd8b1e16ad5c2a605ad6b18493a7
-
SHA1
725f4473d8e09a8a9fcad2e8900dfb74623d4f18
-
SHA256
06f5ae2998205719e3541415641a8afc2f5d6877b50c860df066e0e95c7ed3f3
-
SHA512
8c5c077bd7575483b3601221b77e5b49b9acb7181fe73173dd5879cd19b6d517b5f2454390884ea87490da72cb2e37b5d476132f96415a68b209ce740c7b1c4f
-
SSDEEP
196608:LIRcbH4jSteTGvwxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:LdHsfuwxwZ6v1CPwDv3uFteg2EeJUO9E
Score7/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-