Sample File:
  MD5 hash: b6ebd9021bce7665ac01a1614ef6b7e6
  SHA1 hash: 81109eef625dec849e60d61f8e17dc8b7d893246
  SHA256 hash: 9542c4da58ef85804bd1240ed67bef02f5d5bca0b0084a074a3575894d929ff2
  SSDEEP hash: 24576:KCdxte/80jYLT3U1jfsWagtD3Y37V7bLMKixQaZ:Lw80cTsjkWag+79b4KxM
  Filename(s): laafdy.exe
  Filetype: Windows Exe (x86-32)

Mutex IOCs:
  Net123432asdds-QHTWEM
  PnPUnattend

Registry Key IOCs:
  HKEY_CURRENT_USER\Control Panel\Mouse
  HKEY_CURRENT_USER\Control Panel\Mouse\SwapMouseButtons
  HKEY_CURRENT_USER\Software\AutoIt v3\AutoIt
  HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\
  HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\\licence
  HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\\name
  HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\\override
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName

Domain IOCs:
  micxrus.ru

IP IOCs:
  194.5.98.89

URL IOCs:
  - None -

File IOCs:
  Filenames:
    AboveLockAppHost.exe
    C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setx.url
    C:\Users\FD1HVy\AppData\Roaming\phoneactivate
    C:\Users\FD1HVy\AppData\Roaming\phoneactivate\AboveLockAppHost.exe
    C:\Users\FD1HVy\AppData\Roaming\phoneactivate\setx.vbs
    C:\Users\FD1HVy\Desktop\laafdy.exe
    C:\Users\FD1HVy\Desktop\laafdy.exe:Zone.Identifier
    phoneactivate
  MD5 hashes:
    6d6a9da3ed1f72ed583f4c62373d9530
    a635d51b90fc12c47dd74b2126c73a83
    b6ebd9021bce7665ac01a1614ef6b7e6
    f674e1b3b514a8f401d779ae26147e6b
  SHA1 hashes:
    208591acfec3c5235865395317a5cc2cab9416bd
    4822751d6b452261ad539813f99756c4dbf882b6
    71961de25ea0d1f47ebfa33382a2db054f193b94
    81109eef625dec849e60d61f8e17dc8b7d893246
  SHA256 hashes:
    0a89f1b05c990f5fceaab56d385f8092cbd7960399a31e68f5423ef49cbf0003
    853ee679a046ef13c6b18fcc601e99e5fcb3ae3d738235d6382f37404745f5c5
    9542c4da58ef85804bd1240ed67bef02f5d5bca0b0084a074a3575894d929ff2
    99a1b0fecaeef1933f737c9a8eccf5e05e91ed1aeba46ac9eac2dc7863ca88c5
  SSDEEP hashes:
    24576:KCdxte/80jYLT3U1jfsWagtD3Y37V7bLMKixQaR:Lw80cTsjkWag+79b4Kxg
    24576:KCdxte/80jYLT3U1jfsWagtD3Y37V7bLMKixQaZ:Lw80cTsjkWag+79b4KxM
    3:HRAbABGQVuOEwREaKC5KkZzIdktXNn:HRYF5OxiaZ5K0ICN
    3:jaPcYoncIQBHoEwREaKC5KkZzIdktXNHn:jk+cjIxiaZ5K0IC1