Sample File:

	MD5 hash:
		ba9f55ce820b48d6f1c78c10e7434db7

	SHA1 hash:
		b4e5b48f0a19ff733caa0a25d4cd3930b8cee023

	SHA256 hash:
		9748e28cd2e2a1a06ed9a5125b085e3e72654aa7cfc9d2f8400b7355ecd0c471

	SSDEEP hash:
		12288:+OSzSJpSkJFVxPlySItIuTrVbOTUs/yDGzQHYX/eeS9NE6bmInNqrXWSk13c31In:Q6pSGPT2FOTU3DjHeeeANEe9ArXk3cFQ

	Filename(s):
		CUsersabdoAppDataLocalde14c4d4-af10-40ba-b2e7-b7cd78dfba75FCEB.tmp.exe

	Filetype:
		Windows Exe (x86-32)


Mutex IOCs:

		{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}


Registry Key IOCs:

		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SysHelper


Domain IOCs:

		api.2ip.ua
		blvd.top


IP IOCs:

		80.249.145.69
		77.123.139.189


URL IOCs:

		http://blvd.top/ydtftysdtyftysdfsdpen3/get.php?pid=9A523923862794A7075459032DF51D89&first=true
		http://blvd.top/files/penelop/updatewin1.exe
		http://blvd.top/files/penelop/updatewin2.exe
		http://blvd.top/files/penelop/updatewin.exe
		http://blvd.top/files/penelop/3.exe
		http://blvd.top/files/penelop/4.exe
		http://blvd.top/files/penelop/5.exe
		https://api.2ip.ua/geo.json


File IOCs:

	Filenames:
		C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\6c6aafd4-f7f7-4f0c-8b07-1dd41571cbc8
		I:\5d2860c89d774.jpg
		C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\6c6aafd4-f7f7-4f0c-8b07-1dd41571cbc8\updatewin1.exe
		C:\Windows\System32\drivers\etc\hosts
		C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\bowsakkdestx.txt
		C:\SystemID
		C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\6c6aafd4-f7f7-4f0c-8b07-1dd41571cbc8\5.exe
		C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\script.ps1
		C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CUsersabdoAppDataLocalde14c4d4-af10-40ba-b2e7-b7cd78dfba75FCEB.tmp.exe
		C:\SystemID\PersonalID.txt
		C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\0cf16e90-25f3-4a59-b809-8330957d8bce
		C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\6c6aafd4-f7f7-4f0c-8b07-1dd41571cbc8\updatewin2.exe

	MD5 hashes:
		5b4bd24d6240f467bfbc74803c9f15b0
		157d95011a4ee17bc03363c225dea722
		ba9f55ce820b48d6f1c78c10e7434db7
		f972c62f986b5ed49ad7713d93bf6c9f
		360d265eddea8679c434a205f7ade7ad
		996ba35165bb62473d2a6743a5200d45
		bd63937c9ca3c907d6e100e7107f1f66
		c183857770364b05c2011bdebb914ed3

	SHA1 hashes:
		040e5ac904de86328cca053a15596e118fc5da24
		4e157002bdb97e9526ab97bfafbf7c67e1d1efbf
		e17d843f610e0283904e201195360525ae449a68
		c17f98c182d299845c54069872e8137645768a1a
		4bcb94650158006f88e99560698a64f8b99e171d
		b3501a46302831f3fb4f4217f023a34aaae8e9fd
		b4e5b48f0a19ff733caa0a25d4cd3930b8cee023
		52169b0b5cce95c6905873b8d12a759c234bd2e0

	SHA256 hashes:
		5a1597c0d29dd475e33cd8889d7d848037a8c17bad0f3daa022fb889e0db7ead
		094c4931fdb2f2af417c9e0322a9716006e8211fe9017f671ac6e3251300acca
		b47f85974a7ec2fd5aa82d52f08eb0f6cea7e596a98dd29e8b85b5c37beca0a8
		4df818945a818ecc360a627cb4eb55bad33f2553f9de5018887cb75ee7f12ad7
		9748e28cd2e2a1a06ed9a5125b085e3e72654aa7cfc9d2f8400b7355ecd0c471
		5caffdc76a562e098c471feaede5693f9ead92d5c6c10fb3951dd1fa6c12d21d
		92a8aa2f94b814cb84731e3b948914fbdcbd40b38c0ea615a7b51820892452dd
		14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e

	SSDEEP hashes:
		6144:F4HGZVbZQ0ckUCtFWBqFWzLfBXm+411d1SkgnJjyEhB+BfcEQWofOOMLpi6:qyVxUCrW0FWJap1u4sYkcFi
		6144:7qZQGv0d4dW6efSyahstfKVkW5XXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXk:2ZQGXdPe6qU6W5XXnXXfXXXWXXXXHXXE
		96:vDZEurK9q3WlSyU0FXmGZll0TOHyF9fAHLmttA/ZKTKdIlMHqzoCGbXx:RrK9FU0FXmGZll06m9fAH6AhKTK9Cax
		3::
		12288:+OSzSJpSkJFVxPlySItIuTrVbOTUs/yDGzQHYX/eeS9NE6bmInNqrXWSk13c31In:Q6pSGPT2FOTU3DjHeeeANEe9ArXk3cFQ
		6144:vLgbC0mVQlY+3aKn7n4CTHcXXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXXXXP:vGCtQlb3aKzvT8XXnXXfXXXWXXXXHXXf
		3:uIHeGAFcX5wTnl:/eGgHTl
		12:YGJ68AW8KO5+Pdxa8uzKYQmkMvOpv2V5BDbMU:YgJAWhdwCuVvbMU