Resubmissions
17-04-2024 14:50
240417-r7sxbsch57 1017-04-2024 14:50
240417-r7pjxach48 1017-04-2024 14:50
240417-r7nmlsec7w 1017-04-2024 14:50
240417-r7m13sch46 1017-04-2024 14:50
240417-r7mqbaec61 1015-04-2024 13:17
240415-qjtnaahe9v 1010-04-2024 12:00
240410-n6ndnsaa4w 1010-04-2024 12:00
240410-n6m3xaaa4t 1010-04-2024 12:00
240410-n6m3xaaa4s 1010-04-2024 12:00
240410-n6lvvaeh23 10General
-
Target
a7613e5c267e7f270918ef87fcb1e45c
-
Size
7.8MB
-
Sample
240410-n6ndnsaa4w
-
MD5
a7613e5c267e7f270918ef87fcb1e45c
-
SHA1
5ce965496ce1d9eea2d78548854bd486c11329d1
-
SHA256
1b9c4646b8840ef2d2a24603ffa2efa695ee29002c0057d4ba558080f2c485b6
-
SHA512
19888cf9937c44770dff47027ada8ef8eaa46cc849717ec0fb46bb32d07434b3b851efa708decd2fa18c07333cc247d35e03d71fbd386caea839bf44cdd7c0d2
-
SSDEEP
196608:LIRcbH4jSteTGvCxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:LdHsfuCxwZ6v1CPwDv3uFteg2EeJUO9E
Behavioral task
behavioral1
Sample
a7613e5c267e7f270918ef87fcb1e45c.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a7613e5c267e7f270918ef87fcb1e45c.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
a7613e5c267e7f270918ef87fcb1e45c.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
a7613e5c267e7f270918ef87fcb1e45c.exe
Resource
win11-20240221-en
Malware Config
Extracted
bitrat
1.38
4napo6g3cp6av4hmxmwzi5lyojpfk3i2kl2tpssb2wvidqsa3kzo6eyd.onion:80
-
communication_password
e10adc3949ba59abbe56e057f20f883e
-
install_dir
windir
-
install_file
win32.exe
-
tor_process
windows32
Targets
-
-
Target
a7613e5c267e7f270918ef87fcb1e45c
-
Size
7.8MB
-
MD5
a7613e5c267e7f270918ef87fcb1e45c
-
SHA1
5ce965496ce1d9eea2d78548854bd486c11329d1
-
SHA256
1b9c4646b8840ef2d2a24603ffa2efa695ee29002c0057d4ba558080f2c485b6
-
SHA512
19888cf9937c44770dff47027ada8ef8eaa46cc849717ec0fb46bb32d07434b3b851efa708decd2fa18c07333cc247d35e03d71fbd386caea839bf44cdd7c0d2
-
SSDEEP
196608:LIRcbH4jSteTGvCxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:LdHsfuCxwZ6v1CPwDv3uFteg2EeJUO9E
Score7/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-