General
- Target: lz.exe
- Size: 388KB
- Sample: 230901-gkt6rsda96
- MD5: 4ff84ca1c02088f313c97694244cb2a4
- SHA1: d2ffff7d201ac6236d3d091047f498c11bae00d6
- SHA256: f3126ddd86d1e048db68f22cb1de5de871282bbd5764c4c77867042c8f1aab93
- SHA512: 0ab79b098be51c4035871e1b85bb815954a0c936fb9bc5bc598ac824e1c4e45d5f6b56f4f3e4a063c82a91ab30cb953018abc9161e3b2cfdf785d97d6a09d00b
- SSDEEP: 12288:tCspLdeVEn/oEehNiNsF9hS2Oga+nqgU+1kkqabCtXSXNcqye9cBz:tCULoVEn/oEsA/2OgVqgU+1kkqabCtXB
Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample: lz.exe, resource: win7-20230831-en)
- Behavioral task: behavioral2 (sample: lz.exe, resource: win10v2004-20230831-en)
Malware Config
Extracted: bitrat 1.38
- C2: rornfl12.duckdns.org:3072
- communication_password: 81dc9bdb52d04dc20036dbd8313ed055
- install_dir: chrome
- install_file: updater
- tor_process: tor
Targets
- Target: lz.exe
- Size: 388KB
- MD5: 4ff84ca1c02088f313c97694244cb2a4
- SHA1: d2ffff7d201ac6236d3d091047f498c11bae00d6
- SHA256: f3126ddd86d1e048db68f22cb1de5de871282bbd5764c4c77867042c8f1aab93
- SHA512: 0ab79b098be51c4035871e1b85bb815954a0c936fb9bc5bc598ac824e1c4e45d5f6b56f4f3e4a063c82a91ab30cb953018abc9161e3b2cfdf785d97d6a09d00b
- SSDEEP: 12288:tCspLdeVEn/oEehNiNsF9hS2Oga+nqgU+1kkqabCtXSXNcqye9cBz:tCULoVEn/oEsA/2OgVqgU+1kkqabCtXB
- Score: 10/10

Signatures
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext