General
Target: BHThisAccountManger2.EXE
Size: 6.2MB
Sample: 230901-gs3swach2z
MD5: c2eb25d76d29c98f90d8c61004149a0c
SHA1: 2c576db59c1c7e13d3572b9c9857bda4bcbe4fe1
SHA256: d0c42bf9edad21b80063db0a7fe9a3d1486c72551fc04b622e44529e5610fa1f
SHA512: d5493612fce6ba1d7d9ad79cd301d165686b7ca8f105407d094ad8528c1a9d76ba7ac8fc51d462fdbe6bae8a1f5354a96aad47ea1863e3d575ed985f60b04ade
SSDEEP: 98304:cJ/yV00WA5L+wvgG7Wwpa1ugWYB5ADouSY4oLWL/6IkV0qBh6WVs3fER3ckWQP8B:QqV00WAcvwpCB4DBMuIQ08h6AfWoBk
Static task: static1
Behavioral task: behavioral1
  Sample: BHThisAccountManger2.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: BHThisAccountManger2.exe
  Resource: win10v2004-20230831-en
Malware Config
Extracted
Family: bitrat
Version: 1.38
C2: rornfl12.duckdns.org:3072
communication_password: be767243ca8f574c740fb4c26cc6dceb
install_dir: chrome
install_file: chome.exe
tor_process: tor
Targets
Target: BHThisAccountManger2.EXE (6.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger