Sample File:
  MD5 hash: 83f617449efb204730cccc74ab9a4d73
  SHA1 hash: 8949edce118235cb7f591d9933c665d4acc67619
  SHA256 hash: a41f710b68c0f9924599730f9db3c12074ba81746f0bd4c95b635b572b020bca
  SSDEEP hash: 6144:Hia1vcaEi6+HPsxSAzG44DQFu/U3buRKlemZ9DnGAeWB3lZM+:HHctMvASAx4DQFu/U3buRKlemZ9DnGAZ
  Filename(s): hhhhhh.exe
  Filetype: Windows Exe (x86-32)

Mutex IOCs:
  - None -

Registry Key IOCs:
  HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
  HKEY_CURRENT_USER\Software\Borland\Locales
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\taskeng.exe
  HKEY_CURRENT_USER\Software\Zeppelin
  HKEY_CURRENT_USER\Software\Zeppelin\Keys
  HKEY_CURRENT_USER\Software\Zeppelin\Keys\Encrypted Private Key
  HKEY_CURRENT_USER\Software\Zeppelin\Keys\Public Key
  HKEY_CURRENT_USER\Software\Zeppelin\Process
  HKEY_CURRENT_USER\Software\Zeppelin\Stop
  HKEY_LOCAL_MACHINE\Software\Borland\Locales

Domain IOCs:
  - None -

IP IOCs:
  - None -

URL IOCs:
  - None -

File IOCs:
  Filenames:
    -start
    C:\Users\5P5NRG~1\AppData\Local\Temp\0B275780.zeppelin
    C:\Users\5P5NRG~1\AppData\Local\Temp\46B7F325.zeppelin
    C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\
    C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\taskeng.exe
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\hhhhhh.exe
  MD5 hashes:
    83f617449efb204730cccc74ab9a4d73
    93b885adfe0da089cdf634904fd59f71
  SHA1 hashes:
    5ba93c9db0cff93f52b521d7420e43f6eda2784f
    8949edce118235cb7f591d9933c665d4acc67619
  SHA256 hashes:
    6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
    a41f710b68c0f9924599730f9db3c12074ba81746f0bd4c95b635b572b020bca
  SSDEEP hashes:
    3::
    6144:Hia1vcaEi6+HPsxSAzG44DQFu/U3buRKlemZ9DnGAeWB3lZM+:HHctMvASAx4DQFu/U3buRKlemZ9DnGAZ