User tags
Assigned on submission by the user, not by sandbox detections.
General
-
Target
Stub.exe.3
-
Size
3.8MB
-
Sample
230912-b48wdadb36
-
MD5
5d422b017137a0060e7de3b1ddff3fbb
-
SHA1
fbc8138cc80dd477ec6bd45ade7bdd27de251260
-
SHA256
c733abcd9c2a5c1734242bc3238dd44e9aaf7e2c01878bebe2751c1b99f9a658
-
SHA512
b5794b69eb87e6e3f0fe19dfe0734a94fb342e27dc3e2936abd052d7cf8f82b672d28a250378b15c3631be6ce60a21643573d372a12917d5cbfa941f17fd4bdc
-
SSDEEP
98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/7mlwXVZ4FB:5+R/eZADUXR
Behavioral task
behavioral1
Sample
Stub.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
Stub.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
bitrat
1.38
smgqnt3eixxksasu.xyz:1234
-
communication_password
30afda4853ef5b1bc36463ba95d84247
-
tor_process
tor
Targets
-
-
Target
Stub.exe.3
-
Size
3.8MB
-
MD5
5d422b017137a0060e7de3b1ddff3fbb
-
SHA1
fbc8138cc80dd477ec6bd45ade7bdd27de251260
-
SHA256
c733abcd9c2a5c1734242bc3238dd44e9aaf7e2c01878bebe2751c1b99f9a658
-
SHA512
b5794b69eb87e6e3f0fe19dfe0734a94fb342e27dc3e2936abd052d7cf8f82b672d28a250378b15c3631be6ce60a21643573d372a12917d5cbfa941f17fd4bdc
-
SSDEEP
98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/7mlwXVZ4FB:5+R/eZADUXR
Score10/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-