Sample File:
MD5 hash: 1d051a0f5165c47c90baa60c66cd8dc9
SHA1 hash: 1e776e848abfcc4e7dd2221a6c6128c1649cc3e8
SHA256 hash: 9942fa46a96baad6479248bf0a7874a0b03afe35577527524dc10fcbd01e7e48
SSDEEP hash: 1536:2YlhZ0zbT9LvCaU4eWkdSwXof3k0oV+18YwK+RjQar8xZLBn2:2YlhZq9LvCaEbM3k0oVY/+Oac9B
Filename(s): PASHKA.exe
Filetype: Windows Exe (x86-32)

Mutex IOCs:
CHIMERA
Global\c1a76b5a-12ab-45c5-b9d9-d692faa6e7a2

Registry Key IOCs:

Domain IOCs: - None -
IP IOCs: 1.1.1.1
URL IOCs: - None -

File IOCs: