Sample File:
  MD5 hash: a569f53cea651e45340ce04742ff345d
  SHA1 hash: 061f2639ef163811bbd7f89a68d3bcb53c925b84
  SHA256 hash: 1da3bb217a3d771d357edfc401ac3835c29066e5d0a795e12aabd4b888bd15e3
  SSDEEP hash: 49152:BT3q666wmnmnmRhtqvE7DTm/8888s8888:BT3q666FmmRhtqc7DTY8888s8888
  Filename(s): Godsomware.exe
  Filetype: Windows Exe (x86-32)

Mutex IOCs:
  - None -

Registry Key IOCs:
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\.NETFramework\XML
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Godsomware v1.0
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
  HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
  HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableCMD
  HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableRegedit
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\XML
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST\2007
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST\2008
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST\FirstEntry
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST\LastEntry
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\MUI_Display
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\MUI_Dlt
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\MUI_Std
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\TZI
  HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
  HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
  HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgManagedDebugger
  HKEY_LOCAL_MACHINE\Software\NinjaGhost\Godsomware v1.0\1.0.0.0

Domain IOCs:
  afdo-tas-offload.trafficmanager.net
  client-office365-tas.msedge.net
  config.edge.skype.com
  s-0001.s-msedge.net
  vip5.afdorigin-prod-am02.afdogw.com

IP IOCs:
  13.107.3.128
  52.232.69.150
  157.56.120.208

URL IOCs:
  - None -

File IOCs:
  Filenames:
    C:\Users\CIiHmnxMn6Ps\Desktop\Godsomware.exe
    C:\Users\CIiHmnxMn6Ps\Desktop\Godsomware.exe.config
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
  MD5 hashes:
    a569f53cea651e45340ce04742ff345d
  SHA1 hashes:
    061f2639ef163811bbd7f89a68d3bcb53c925b84
  SHA256 hashes:
    1da3bb217a3d771d357edfc401ac3835c29066e5d0a795e12aabd4b888bd15e3
  SSDEEP hashes:
    49152:BT3q666wmnmnmRhtqvE7DTm/8888s8888:BT3q666FmmRhtqc7DTY8888s8888