Sample File: MD5 hash: 28d203be5b27fc5d7a6f39ebde8ad63b SHA1 hash: 0e0289b2eba3397ed45bf472d4c35a4c98c3ccfb SHA256 hash: 385651ce8441af1f43c9baf8fc24040a2eea53d574c193e5ba2618d09eef1050 SSDEEP hash: 12288:KooP589upmM/eJfGUp84dlV/MOhXynhiqTk5Xq2ls5OqPWqCe9HGt:Koz9upH/eJfp82lV/Mv/6Xqn5Oo9HGt Filename(s): fhjdji.exe Filetype: Windows Exe (x86-32) Mutex IOCs: 1947119333 Registry Key IOCs: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox HKEY_CURRENT_USER\Software\Valve\Steam HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName Domain IOCs: raw.githubusercontent.com u7320947p3.ha004.t.justns.ru IP IOCs: 185.22.155.51 151.101.12.133 URL IOCs: raw.githubusercontent.com/fkarelli/fjrusbftnf/master/nyun.txt u7320947p3.ha004.t.justns.ru/collect.php File IOCs: Filenames: C:\\Users\Default.migrated\Documents\GTA San Andreas User Files\SAMP\chatlog.txt C:\Users\FD1HVy\AppData\Local\Temp\RICSMCRNBTCNCLYIKKRS\QPDQMBELLP.EKRYHSSLQ C:\\Users\Default.migrated\AppData\Roaming\FileZilla\recentservers.xml C:\\Users\Default.migrated\AppData\Roaming\discord\Local Storage\leveldb\ C:\\Users\FD1HVy\AppData\Local\History C:\Users\FD1HVy\AppData\Local\Temp\RICSMCRNBTCNCLYIKKRS C:\\Users\FD1HVy\AppData\Local\Application Data C:\\Users\FD1HVy\AppData\Roaming\FileZilla\sitemanager.xml C:\\Users\FD1HVy\Documents\GTA San Andreas User Files\SAMP\chatlog.txt C:\\Users\All Users C:\\Users\Default.migrated\AppData\Roaming\Mozilla\Firefox\Profiles C:\\Users\FD1HVy\AppData\Roaming\discord\Local Storage\leveldb\ C:\\Users\FD1HVy\AppData\Roaming\Psi+\profiles C:\\Users\Default.migrated\AppData\Local\NordVPN C:\\Users\Default.migrated\AppData\Roaming C:\\Users\FD1HVy\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 C:\\Users\Default User C:\\Users\FD1HVy\AppData\Local\Adobe C:\\Users\FD1HVy\AppData\Local\Google C:\\Users\Default.migrated\AppData\Roaming\Authy Desktop\Local Storage\leveldb C:\\Users\FD1HVy\AppData\Roaming\Authy Desktop\Local Storage\leveldb C:\\Users\FD1HVy\AppData\Roaming C:\\Users\FD1HVy\AppData\Roaming\FileZilla\recentservers.xml C:\\Users\Default.migrated\Desktop C:\\Users\Default.migrated\AppData\Roaming\FileZilla\sitemanager.xml C:\\Users\Default.migrated\AppData\Local\Microsoft\Windows\Temporary Internet Files System Paging File C:\\Users\FD1HVy\AppData\Roaming\Psi\profiles C:\\Users\Default.migrated\AppData\Roaming\.purple\accounts.xml C:\\Users\Default.migrated\AppData\Roaming\Psi\profiles C:\\Users\FD1HVy\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\LocalCache C:\\Users\FD1HVy\AppData\Local\NordVPN C:\Users\FD1HVy\AppData\Local\Temp\RICSMCRNBTCNCLYIKKRS\LLMQTVYKCPKGVSOPNBD.BGPCXJEHXDFQNJEQ C:\\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles C:\\Users\FD1HVy\AppData\Roaming\.purple\accounts.xml C:\\Users\Default.migrated\AppData\Local C:\\Users\FD1HVy\Documents\GTA San Andreas User Files\SAMP\USERDATA.DAT C:\\Users\Default.migrated\Documents\GTA San Andreas User Files\SAMP\USERDATA.DAT C:\\Users\FD1HVy\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 C:\\Users\FD1HVy\Desktop C:\Windows\System32\VBoxService.exe C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Local State C:\\Users\FD1HVy\AppData\Local C:\\Users\Default.migrated\AppData\Roaming\Psi+\profiles C:\Users\FD1HVy\AppData\Local\Temp\RICSMCRNBTCNCLYIKKRS\LHFIWHKHJVWTSWKFVKYY.RWLO C:\\Users C:\Users\FD1HVy\Desktop\fhjdji.exe MD5 hashes: c1dd408d37b3ee3083b128dc1b402bdc d8381ea0d47cc97679983170367c001e 28d203be5b27fc5d7a6f39ebde8ad63b 5c2161fc7b16d12b45b3e53d56fad16a 164f4ab18544aae9d15a13d4515bd3dc e3a002935a782f75c8ac7f3f0505d7f2 5437864c133f53e6a43fc8678fee8ca9 SHA1 hashes: 06a317f3d6519cf226db3ab029a212293d318a1b 0e0289b2eba3397ed45bf472d4c35a4c98c3ccfb 78c8d3bdd34ba554fd077b0a126f01c6e877b1ae 5ec603207a726efa249b6ef575b2d03c64e928fd dac0862c752af45a6cad0f04e7c898fb372c6795 383ed41171772885ecedac3639de19c6d4024b57 0293c23fb53efa0521e3d8d91b703abe2e016126 SHA256 hashes: 037369299fe8f3e3755fd3d7b421ae7676b1d713d948a4bf02ac138aaea55748 cdad85eefaeee766286a12d8c4039c819a3515170da3070967a7f5198119b35a 912c041f1f45b8b817f94c84c15433a40463a8a56d6978cf08b7ed28996050a7 fcbf28e532103aee92e2e1d0ca8e96e7c1387fb6654566078362623a0c893129 385651ce8441af1f43c9baf8fc24040a2eea53d574c193e5ba2618d09eef1050 7cfd983f6bfb7b28d5fc4cab84a107e3873108b9c930b73ff916322b797f286f b21295ba4bb12aedf554c863eafb521f6660754336c940e292ebcab862e679c8 SSDEEP hashes: 12288:nUggoAvsCVuoWsyutpVRYz1p3Ff9Md1vpPYVSYk5EI98Lyaeui5LSoNO85OeeRw:nUggdvsFscFf9MzSVSY7C8XaLSoCee2 96:Ze3Zht6YnMvqI738Hsa/NTIdEFaEdUDSuKn8Y/qBOnxjyWTJereWb3Ds4Blr:ZkZLHMEhTJMb3D 6:q39NqxtIn/j+QcpSLbyIIQTUrmSz3gDVUk5GUnKtZKdE7xRPzL72RHNx31Hdwtm6:U+xG/fTLbygBUiBns0dcz2Hz3Vaj 48:T1L/ecVTgPOpEveoJZFrU1cQBAxPsuNfRlc9:FHSNDJAAvfbc 24:rid5UcYQ2yZTPaFpEvg3obNmQMOypv6UoF:+decYFgPOpEveoJNCoUc 24:LLUH0KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6FZW:Uz+JH3yJUheCVE9V8MX0PFlNU12ZW 12288:KooP589upmM/eJfGUp84dlV/MOhXynhiqTk5Xq2ls5OqPWqCe9HGt:Koz9upH/eJfp82lV/Mv/6Xqn5Oo9HGt