Sample File:

	MD5 hash:
		241f592a445513811b3bc3f104ffb2a8

	SHA1 hash:
		578c0a16e2428764c928db50738db2d843ca6c2f

	SHA256 hash:
		7713cce5768ed6d8250d01a006e26b5cfab3ff296f8c6dd8684a5142cc54c671

	SSDEEP hash:
		6144:3z2W1PSKq67m+2xgx08t3tmrFLLgjIv5+dHgSnSppJlV3/jKGKYoezUtyB:/u6sxgK8t9mrFL0jougpJL3/jKGxN9

	Filename(s):
		EB54.tmp.exe

	Filetype:
		Windows Exe (x86-32)


Mutex IOCs:

		A6CF1546B-343A2EC6-63D8DC88-FF4A8C5D-82A11F69


Registry Key IOCs:

		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SysHelper
		HKEY_LOCAL_MACHINE
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName


Domain IOCs:

		api.2ip.ua
		pool.ug
		root.ug


IP IOCs:

		77.123.139.189
		46.232.113.12


URL IOCs:

		https://api.2ip.ua/geo.json
		http://pool.ug/tesptc/penelop/updatewin1.exe
		http://pool.ug/tesptc/penelop/updatewin2.exe
		http://pool.ug/tesptc/penelop/updatewin.exe
		http://pool.ug/tesptc/penelop/3.exe
		http://pool.ug/tesptc/penelop/4.exe
		http://pool.ug/tesptc/penelop/5.exe
		http://root.ug/AsdweufhjJfh3745ihdjf39458penelop11/auhsduyewy783/get.php?pid=32EB8DA0DCF8DD23092C768E66F3E191&first=true
		pool.ug/1/index.php


File IOCs:

	Filenames:

		
		C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\
		C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-console-l1-1-0.dll
		C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\b5a25ed0-1316-46f7-8916-da3c9e0e5de0
		C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\b5a25ed0-1316-46f7-8916-da3c9e0e5de0\5.exe
		C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\b5a25ed0-1316-46f7-8916-da3c9e0e5de0\updatewin.exe
		C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\b5a25ed0-1316-46f7-8916-da3c9e0e5de0\updatewin1.exe
		C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\b5a25ed0-1316-46f7-8916-da3c9e0e5de0\updatewin2.exe
		C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\e7a330f2-5311-4ef8-8fe9-e63e989b94ee
		C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\e7a330f2-5311-4ef8-8fe9-e63e989b94ee\EB54.tmp.exe
		C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\script.ps1
		C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\EB54.tmp.exe
		C:\Windows\System32\drivers\etc\hosts

	MD5 hashes:

		241f592a445513811b3bc3f104ffb2a8
		360d265eddea8679c434a205f7ade7ad
		502263c56f931df8440d7fd2fa7b7c00
		5b4bd24d6240f467bfbc74803c9f15b0
		7637e83def3c66546bb4a6ee5e963b03
		996ba35165bb62473d2a6743a5200d45
		e3083483121cd288264f8c5624fb2cd1
		f5442e7cbe1e892923fd0b00a7140154
		f972c62f986b5ed49ad7713d93bf6c9f

	SHA1 hashes:

		144a1dd6714ff4b5675c32f428d1899e500140a5
		4e157002bdb97e9526ab97bfafbf7c67e1d1efbf
		52169b0b5cce95c6905873b8d12a759c234bd2e0
		523a3d7c3f4491e67fc710575d8e23314db2c1a2
		578c0a16e2428764c928db50738db2d843ca6c2f
		6a011e277c8ae77c7b2ff21d0fdbf91426fc4e9c
		a108e7bc6008a541dfbf0921839a75dd2e2831c5
		c17f98c182d299845c54069872e8137645768a1a
		e17d843f610e0283904e201195360525ae449a68

	SHA256 hashes:

		114ccacb7ca57c01f3540611fdf49e68416544da8d8077f5896434a4b71b01dd
		14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e
		2c86d7b96c84867cef8e2af972b128615747e17ae4f159c74a1fefe4bf728c59
		48417c1248dfbde668a1118f1d1178ccd0a29612035f25f5724c10a2d6e98fcd
		5a1597c0d29dd475e33cd8889d7d848037a8c17bad0f3daa022fb889e0db7ead
		5caffdc76a562e098c471feaede5693f9ead92d5c6c10fb3951dd1fa6c12d21d
		7713cce5768ed6d8250d01a006e26b5cfab3ff296f8c6dd8684a5142cc54c671
		94a5df1227818edbfd0d5091c6a48f86b4117c38550343f780c604eee1cd6231
		b47f85974a7ec2fd5aa82d52f08eb0f6cea7e596a98dd29e8b85b5c37beca0a8

	SSDEEP hashes:

		192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS
		3072:HZBj7PK5clI62E9+v81gl6GH0g8NKKkbGcsRwMfPNHXyfhfwE8bOLT7Pu5dFY:HzGcw6+816pKxwMXwYElnPM
		3:uIHeGAFcX5wTnl:/eGgHTl
		6144:3z2W1PSKq67m+2xgx08t3tmrFLLgjIv5+dHgSnSppJlV3/jKGKYoezUtyB:/u6sxgK8t9mrFL0jougpJL3/jKGxN9
		6144:7qZQGv0d4dW6efSyahstfKVkW5XXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXk:2ZQGXdPe6qU6W5XXnXXfXXXWXXXXHXXE
		6144:JMLLGApbfLsx8TsvD6OD61XXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXXXX56:JMLdpMdhDyXXnXXfXXXWXXXXHXXXXBXK
		6144:vLgbC0mVQlY+3aKn7n4CTHcXXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXXXXP:vGCtQlb3aKzvT8XXnXXfXXXWXXXXHXXf
		96:0PDcDhR+N8l/u/UljeuCDvvUwfiX3uZ/gXbGklZ+uYSbG4t8K:0PwtyG/EuCrsRX++XbGg+uh
		96:vDZEurK9q3WlSyU0FXmGZll0TOHyF9fAHLmttA/ZKTKdIlMHqzoCGbXx:RrK9FU0FXmGZll06m9fAH6AhKTK9Cax