Sample File:
  MD5 hash: 2cc70c4beed0ba6db11c63bf435c6bf2
  SHA1 hash: 18348a70148e1424ba4c30298b05f3f8820313cd
  SHA256 hash: 8dad2f78f4ac3756165293666361a157ecaf50e2c2c8344cccd09f018912f3a8
  SSDEEP hash: 24576:tARMZUIPP/ri1nFART87BJ8Z/2tyNkIaC8mp:GRM2IPPzwFAF87X8R2t+ao
  Filename(s): 585939.exe
  Filetype: Windows Exe (x86-32)

Mutex IOCs:
  {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
  0303d5b4-ffe9-470e-9dd8-7d9ec416e53f
  {846ee340-7039-11de-9d20-806e6f6e6963}

Registry Key IOCs:
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SysHelper
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Domain IOCs:
  api.2ip.ua
  akbz.top

IP IOCs:
  5.53.124.144
  77.123.139.189

URL IOCs:
  http://akbz.top/ydtftysdtyftysdfsdpen3/get.php?pid=7E227702037139ADC1BDF7020DB500BA&first=true
  http://akbz.top/files/penelop/updatewin1.exe
  http://akbz.top/files/penelop/updatewin2.exe
  http://akbz.top/files/penelop/updatewin.exe
  http://akbz.top/files/penelop/3.exe
  http://akbz.top/files/penelop/4.exe
  http://akbz.top/files/penelop/5.exe
  https://api.2ip.ua/geo.json
  chumashpeople.com/517

File IOCs (filenames):
  C:\_readme.txt
  C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\585939.exe
  C:\Boot\BCD.LOG2
  C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\f2685878-c1d9-47fc-b7a6-e4dee8a92594\updatewin1.exe
  C:\Boot\BCD.LOG
  C:\BOOTSECT.BAK
  C:\Boot\BOOTSTAT.DAT
  C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\script.ps1
  C:\SystemID\PersonalID.txt
  C:\SystemID
  C:\Boot\BCD.LOG1.sqpc
  C:\ProgramData\E6P3CMJ7GO09UGAW4TCHZY4YL
  C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\f2685878-c1d9-47fc-b7a6-e4dee8a92594
  C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\45df4fd3-2e0d-4883-810e-1f70f9babe97
  C:\ProgramData\E6P3CMJ7GO09UGAW4TCHZY4YL\files
  I:\5d2860c89d774.jpg
  C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\f2685878-c1d9-47fc-b7a6-e4dee8a92594\5.exe
  C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\f2685878-c1d9-47fc-b7a6-e4dee8a92594\updatewin2.exe
  C:\Boot\BCD.LOG1
  C:\Windows\System32\drivers\etc\hosts
  C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\bowsakkdestx.txt