General
Target: 54375a390c52d783d96492938d05920567a0232c2c22436161e83f21745b7711_JC.exe
Size: 967KB
Sample: 230906-w2f3ssaf9w
MD5: 29e932d3d12d1811d99691acb7f228bc
SHA1: 4c67dd3dbb393ba68e602ed43223001bb88d94e4
SHA256: 54375a390c52d783d96492938d05920567a0232c2c22436161e83f21745b7711
SHA512: 39d2e21c86b5fd3bac702837f7c95ffe6a0119f9647998e0496a14a6c1f0f81f65fc331977ea16bc4a041d000d80942aa374538c9f9016e6e59f9eac01cdf98f
SSDEEP: 24576:BqDEvCTbMWu7rQYlBQcBiT6rprG8aNrpmD:BTvC/MTQYxsWR7aNo
Static task: static1
Behavioral task: behavioral1
Sample: 54375a390c52d783d96492938d05920567a0232c2c22436161e83f21745b7711_JC.exe
Resource: win7-20230831-en
Malware Config
Extracted
bitrat
1.38
xwm.dynuddns.com:8889
communication_password: cba52b50d9cf77a308a6bedcd075f95e
tor_process: tor
Targets
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext