Sample File:
MD5 hash: b2b278aed753209592b051998cc78d6e
SHA1 hash: 187fade13fa2590af0a7168a5fa1bbdd38fb696f
SHA256 hash: b575cbe291920b98cd523890c53902ccaad1c1f0357024c51e0ac5b1d0cd3786
SSDEEP hash: 768:TWAiV+oPalRR4+G1KSisOUp1efyKjJxGqYEphnsL1Gt14eisgDKL+LI+okmDWwRo:TS+oPI6f11OUp15oVph/4psgHyWw8GY
Filename(s): captcha_visual.exe
Filetype: Windows Exe (x86-32)
Mutex IOCs: - None -
Registry Key IOCs:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Log File Max Size
Domain IOCs: iplogger.org
IP IOCs: 88.99.66.31
URL IOCs:
iplogger.org/1kgWq7
File IOCs:
Filenames: