Resubmissions
11-04-2024 07:23
240411-h79qeaee77 1011-04-2024 07:22
240411-h7ha6aee65 1011-04-2024 07:22
240411-h7g1dshf5x 1011-04-2024 07:22
240411-h7gdvsee63 1011-04-2024 07:22
240411-h7fsbshf5w 1007-04-2024 08:58
240407-kxh6tahg75 1007-04-2024 07:55
240407-jr6jgsgd3z 1007-04-2024 07:54
240407-jrz2psgh28 1007-04-2024 07:54
240407-jrvf8agd3w 1007-04-2024 07:51
240407-jqb89agg76 10General
-
Target
6ec74da2134bd56250ca32be04b9b697
-
Size
7.8MB
-
Sample
240411-h79qeaee77
-
MD5
6ec74da2134bd56250ca32be04b9b697
-
SHA1
d20ff3ed5ff0f49b10d6c06dbc5710fb910e2e28
-
SHA256
1ab1a15e1e4a19c7d77a01f00de5d401bc7ab0ffaa33c332788aadeeedddc386
-
SHA512
d4d71707f0d8e5d7473980ddebea9fe7764dd38cc3cb51e789336869f28425d5d42aa229cdaac08ba22bebdabf108bfeb8c5f30452f9fd2787275c2863e3fea2
-
SSDEEP
196608:6CRAktw/6k1Juxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOfTVI:VRAktqJuxwZ6v1CPwDv3uFteg2EeJUOf
Behavioral task
behavioral1
Sample
6ec74da2134bd56250ca32be04b9b697.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6ec74da2134bd56250ca32be04b9b697.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
6ec74da2134bd56250ca32be04b9b697.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
6ec74da2134bd56250ca32be04b9b697.exe
Resource
win11-20240214-en
Malware Config
Extracted
bitrat
1.33
bkc56e3jgy5zlfq7ialxyppztuh4dgranlyauupid4uc2ze5hg2cshqd.onion:80
-
communication_password
a0439c943ecd02cca78474e6b334f67e
-
install_dir
Java_update
-
install_file
java_update.exe
-
tor_process
adobe
Targets
-
-
Target
6ec74da2134bd56250ca32be04b9b697
-
Size
7.8MB
-
MD5
6ec74da2134bd56250ca32be04b9b697
-
SHA1
d20ff3ed5ff0f49b10d6c06dbc5710fb910e2e28
-
SHA256
1ab1a15e1e4a19c7d77a01f00de5d401bc7ab0ffaa33c332788aadeeedddc386
-
SHA512
d4d71707f0d8e5d7473980ddebea9fe7764dd38cc3cb51e789336869f28425d5d42aa229cdaac08ba22bebdabf108bfeb8c5f30452f9fd2787275c2863e3fea2
-
SSDEEP
196608:6CRAktw/6k1Juxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOfTVI:VRAktqJuxwZ6v1CPwDv3uFteg2EeJUOf
Score10/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-