General

Target: f8d13962aeee346b491d9527e1de23e438262eadd1f27ae1ab071b8bb9fbf4cf
Size: 94KB
Sample: 240328-ejkjtsbf67
MD5: c3fb6eaef47d15ac602a9303b1f8b3ec
SHA1: cb199a54ef6afb56622ebae472735f352c525fbc
SHA256: f8d13962aeee346b491d9527e1de23e438262eadd1f27ae1ab071b8bb9fbf4cf
SHA512: 8e61975a25ed0aca839c5ed1f9d223742372a9196eaf36176f3fed9914a956468b335e1d687ba33752915b6267f95116a60364e446cc817ec3352832feef99c0
SSDEEP: 1536:p8mQfSwRDnLplcYpa9vpw+cKmnvhkCtep6+aWNwWN+hNKNdkgECg58GH4ZmF7Wmb:2s2TdlWhDSm6Zc7+NKvkgbg5cmxVXLv
Behavioral task: behavioral1
Sample: 0023baf38263857e32b8cdbeb25ac2e95ae25ccf082d193f187ef8fc192f930b.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 0023baf38263857e32b8cdbeb25ac2e95ae25ccf082d193f187ef8fc192f930b.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted
C:\1nddzense.README.txt
LyricSullivan@proton.me
CaPorter1997@proton.me
https://github.com/qTox/qTox/releases/download/v1.17.6/setup-qtox-x86_64-release.exe
Targets

Target: 0023baf38263857e32b8cdbeb25ac2e95ae25ccf082d193f187ef8fc192f930b
Size: 147KB
MD5: 9b8b1c67c3ea9880a21ee85789e22ef1
SHA1: de880afad0b6f9afa30e5964e55d52146268d4f1
SHA256: 0023baf38263857e32b8cdbeb25ac2e95ae25ccf082d193f187ef8fc192f930b
SHA512: 951d710b3e3cb280fe8b726478ef4096ddeb2607ca06dd5e48009e1da0e13e75b417a7015b8cb31689b5927a12e4721376db0043085e6dfe9403f31c65d11e41
SSDEEP: 3072:46glyuxE4GsUPnliByocWepp/6NemuUqk8BTqQIr:46gDBGpvEByocWeTbL4d
Score: 10/10

Signatures

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Deletes itself

Executes dropped EXE

Loads dropped DLL

Drops desktop.ini file(s)

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger