Sample File:
  MD5 hash: b3c84d5c7cde6b094a0e2c7b9a2004fd
  SHA1 hash: f32a43ac984e3ed11f374f69281539aa62acd6dd
  SHA256 hash: 15a9c96372795124730f77034d64357fa50a82d71ebbc4dc5384c23d13e99cdc
  SSDEEP hash: 1536:AO6ayqCgtrA/xR+R6qzRayqCgtrA/xRIO:9ZxXlexMYqzcxXlexD
  Filename(s): 0AJTD.txt.exe
  Filetype: Windows Exe (x86-32)

Mutex IOCs:

Registry Key IOCs:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors
  HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
  HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
  HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgManagedDebugger
  HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting
  HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting\Default Impersonation Level
  HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting\Default Namespace

Domain IOCs:
  u.teknik.io
  teknik.io

IP IOCs:
  5.79.72.163

URL IOCs:
  https://u.teknik.io/uEs1w.bin

File IOCs:
  Filenames:
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0AJTD.txt.exe
    C:\Windows\system32\MSVBVM60.DLL
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config
    C:\%insfolder%\%insname%
    \??\C:\Windows\syswow64\mstsc.exe
  MD5 hashes: b3c84d5c7cde6b094a0e2c7b9a2004fd
  SHA1 hashes: f32a43ac984e3ed11f374f69281539aa62acd6dd
  SHA256 hashes: 15a9c96372795124730f77034d64357fa50a82d71ebbc4dc5384c23d13e99cdc
  SSDEEP hashes: 1536:AO6ayqCgtrA/xR+R6qzRayqCgtrA/xRIO:9ZxXlexMYqzcxXlexD