General
-
Target
a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449
-
Size
7.8MB
-
Sample
240425-qegsxsba4s
-
MD5
feb61ffde2dd829e738ea35dc8ee6208
-
SHA1
659e17fe8390c0494e1363c2ebd11333638fd56e
-
SHA256
a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449
-
SHA512
609d2a7950643bea16e353d73157429f304cd1807808becb6fd2c5bbeeb07c6583a98f0e76b7e051390771502cabc7bbda4360f53388867ab863c6f564fbd959
-
SSDEEP
196608:oIRcbH4jSteTGv1xwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfu1xwZ6v1CPwDv3uFteg2EeJUO9E
Behavioral task
behavioral1
Sample
a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral2
Sample
a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe
Resource
win7-20240221-en
Behavioral task
behavioral3
Sample
a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe
Resource
win11-20240412-en
Malware Config
Extracted
bitrat
1.38
n7dua2r7ev3r6fsisszycs7fvy4a36epnfje5s7lz5eiduoxetqg55ad.onion:1235
-
communication_password
99754106633f94d350db34d548d6091a
-
install_dir
temp
-
install_file
test1
-
tor_process
test2
Targets
-
-
Target
a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449
-
Size
7.8MB
-
MD5
feb61ffde2dd829e738ea35dc8ee6208
-
SHA1
659e17fe8390c0494e1363c2ebd11333638fd56e
-
SHA256
a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449
-
SHA512
609d2a7950643bea16e353d73157429f304cd1807808becb6fd2c5bbeeb07c6583a98f0e76b7e051390771502cabc7bbda4360f53388867ab863c6f564fbd959
-
SSDEEP
196608:oIRcbH4jSteTGv1xwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfu1xwZ6v1CPwDv3uFteg2EeJUO9E
Score10/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-