Sample File:
  MD5 hash: 59f9a71bd907118170585d68226be5de
  SHA1 hash: 6782f1c721418dfcb3a64c98262ee2cb67f87f46
  SHA256 hash: aa6df2cc9b5fdee4eed4790d28c1af963cf93f9ee99c754c7c71885057f7b41d
  SSDEEP hash: 12288:pVUYYy3gzR4lyLt11Xhdw+Q6qX1TIi5vRKpHUpkG:LUYYy3mNL1Xhdwj6qXZXZR60WG
  Filename(s): 234561.exe
  Filetype: Windows Exe (x86-32)

Mutex IOCs:
  - None -

Registry Key IOCs:
  HKEY_CURRENT_USER\Software\Borland\Locales
  HKEY_LOCAL_MACHINE\Software\Borland\Locales
  HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
  HKEY_CURRENT_USER\Software\Zeppelin
  HKEY_CURRENT_USER\Software\Zeppelin\Process
  HKEY_CURRENT_USER\Software\Zeppelin\Stop
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\explorer.exe
  HKEY_CURRENT_USER\Software\Zeppelin\Keys
  HKEY_CURRENT_USER\Software\Zeppelin\Public Key
  HKEY_CURRENT_USER\Software\Zeppelin\Keys\Encrypted Private Key

Domain IOCs:
  - None -

IP IOCs:
  - None -

URL IOCs:
  - None -

File IOCs:
  Filenames:
    C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\ System Paging File
    C:\Users\FD1HVy\AppData\Local\Temp\svsxchost.exe
    C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\explorer.exe
    C:\Users\FD1HVy\Desktop\234561.exe
    C:\Users\FD1HVy\AppData\Local\Temp\11457D20.zeppelin -start
  MD5 hashes:
    f9b3b185b1538fa9c5b0c4e43b05f396
    93b885adfe0da089cdf634904fd59f71
    e7dd86c9ebf1635b936b09913ffae511
    59f9a71bd907118170585d68226be5de
  SHA1 hashes:
    fc5eb4f7d59ab7ac7a542fd383d252c31f3c91e0
    5ba93c9db0cff93f52b521d7420e43f6eda2784f
    4c2aad1149e6b725439d74c937fa98c39a434866
    6782f1c721418dfcb3a64c98262ee2cb67f87f46
  SHA256 hashes:
    6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
    aa6df2cc9b5fdee4eed4790d28c1af963cf93f9ee99c754c7c71885057f7b41d
    d9f42de03c5df5a5fbcdf8fc3484c498d309933b206c5a5930c5fa6c575adcab
    d51fa8b0bd6f3f95c54c44c5c35c0a12ad6b9a8a573d9488168e40a98c439135
  SSDEEP hashes:
    6144:vhKgiOqSj7Ew8nftrS2oEXciryIfitJ+Fr7s0cA:vhKgidYIw6rSjriv6tJ8L
    6144:2ia1vcaEre+HPsKSAzG44DQFu/U3buRKlemZ9DnGAeWBJR1+Gd:2HcthvzSAx4DQFu/U3buRKlemZ9DnGA3
    3::
    12288:pVUYYy3gzR4lyLt11Xhdw+Q6qX1TIi5vRKpHUpkG:LUYYy3mNL1Xhdwj6qXZXZR60WG