Resubmissions
17-04-2024 14:47
240417-r6de9acg59 1017-04-2024 14:47
240417-r6ctqaec2s 1017-04-2024 14:47
240417-r6az5acg56 1017-04-2024 14:47
240417-r6apcseb9z 1017-04-2024 14:47
240417-r59gascg54 1015-04-2024 13:15
240415-qhmtcahe7v 1010-04-2024 08:18
240410-j7smkacd9y 1010-04-2024 08:18
240410-j7r12ahc48 1010-04-2024 08:18
240410-j7q4qshc46 1010-04-2024 08:17
240410-j6pvaahc28 10General
-
Target
b960516dbba002bdd037ada7f1b06a5b
-
Size
7.2MB
-
Sample
240410-j6pvaahc28
-
MD5
b960516dbba002bdd037ada7f1b06a5b
-
SHA1
e1e1332833b253cb3a012a1ee98f73bab2a912d1
-
SHA256
7e362d3f43b007df435a0f3ec47c3a84851b56c3ff77875399d94ae32783ad7a
-
SHA512
cb026ef01582506af21a03c4894e91d46bafe21ab909c915dbb6bc5de78ce959c24cb538cc74efedac2698315100031df660969ae2052328b10db2ac9612c948
-
SSDEEP
196608:WSiMHV9Zxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOfTV73c+:WSiMHV9ZxwZ6v1CPwDv3uFteg2EeJUOl
Behavioral task
behavioral1
Sample
b960516dbba002bdd037ada7f1b06a5b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b960516dbba002bdd037ada7f1b06a5b.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
b960516dbba002bdd037ada7f1b06a5b.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
b960516dbba002bdd037ada7f1b06a5b.exe
Resource
win11-20240319-en
Malware Config
Extracted
bitrat
1.32
lvyowbbwycqoqwjmpmnpfyhzdcvxthuuabmcsocjamvzfgwzdat5wwid.onion:80
-
communication_password
31f943bd559a10ccec7dc2356aba02aa
-
install_dir
System
-
install_file
system32.exe
-
tor_process
system32
Targets
-
-
Target
b960516dbba002bdd037ada7f1b06a5b
-
Size
7.2MB
-
MD5
b960516dbba002bdd037ada7f1b06a5b
-
SHA1
e1e1332833b253cb3a012a1ee98f73bab2a912d1
-
SHA256
7e362d3f43b007df435a0f3ec47c3a84851b56c3ff77875399d94ae32783ad7a
-
SHA512
cb026ef01582506af21a03c4894e91d46bafe21ab909c915dbb6bc5de78ce959c24cb538cc74efedac2698315100031df660969ae2052328b10db2ac9612c948
-
SSDEEP
196608:WSiMHV9Zxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOfTV73c+:WSiMHV9ZxwZ6v1CPwDv3uFteg2EeJUOl
Score7/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-