Sample File:
MD5 hash: ada5680a5445bbeccc7af9bc4c29956e
SHA1 hash: ea0f81c516115a35a378ac77ff9382a38aa0fe9d
SHA256 hash: ce3f2b9a2704436f72efab3a30a622ec89413a9e4c157c0408474dd4573c947c
SSDEEP hash: 12288:GhyP5uvW61ha4wwEgUxJwHIxqhynh99RkJM8234v8wPilfsjsetp:Ghtv1ha4wrgUxJwHI3n8M8BRPiTetp
Filename(s): hpketi.exe
Filetype: Windows Exe (x86-32)

Mutex IOCs:
1641784820

Registry Key IOCs:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
HKEY_CURRENT_USER\Software\Valve\Steam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName

Domain IOCs:
raw.githubusercontent.com
u7320947p3.ha004.t.justns.ru

IP IOCs:
185.22.155.51
151.101.112.133

URL IOCs:
raw.githubusercontent.com/fkarelli/fjrusbftnf/master/nyun.txt
u7320947p3.ha004.t.justns.ru/collect.php

File IOCs:

Filenames:
C:\\Users\Default.migrated\AppData\Local\NordVPN
C:\\Users\Default\AppData\Local\History
C:\\Users\Public\AppData\Roaming\.purple\accounts.xml
C:\\Users\Default\AppData\Roaming\Psi+\profiles
C:\\Users\FD1HVy\AppData\Local\History
C:\\Users\Default.migrated\AppData\Roaming\FileZilla\sitemanager.xml
C:\\Users\All Users\AppData\Roaming\discord\Local Storage\leveldb\
C:\\Users\Default User\AppData\Roaming\FileZilla\sitemanager.xml
C:\\Users\FD1HVy\Documents\GTA San Andreas User Files\SAMP\chatlog.txt
C:\\Users\Public\AppData\Roaming\Authy Desktop\Local Storage\leveldb
C:\Users\FD1HVy\AppData\Local\Temp\VIYCWSGNGBBUKKLTBWYB\JCRILOMHYW.DPBKNGHLX
C:\\Users\Default.migrated\AppData\Roaming\Mozilla\Firefox\Profiles
C:\\Users\Default User\AppData\Roaming\Psi+\profiles
C:\\Users\FD1HVy\AppData\Roaming\Authy Desktop\Local Storage\leveldb
C:\\Users\Public\AppData\Roaming\Psi+\profiles
C:\\Users\Public\Desktop
C:\\Users\All Users\AppData\Roaming\FileZilla\recentservers.xml
C:\\Users\All Users\AppData\Roaming\Mozilla\Firefox\Profiles
C:\\Users\FD1HVy\AppData\Roaming
C:\\Users\Default\Documents\GTA San Andreas User Files\SAMP\USERDATA.DAT
C:\\Users\Default\AppData\Roaming\.purple\accounts.xml
C:\\Users\FD1HVy\AppData\Roaming\Psi\profiles
C:\\Users\Default User\AppData\Local\Temporary Internet Files
C:\\Users\All Users\AppData\Roaming\Psi\profiles
C:\\Users\All Users\AppData\Roaming\FileZilla\sitemanager.xml
C:\\Users\Default User\AppData\Roaming
C:\\Users\Public\AppData\Roaming\FileZilla\sitemanager.xml
C:\\Users\Default\AppData\Roaming\FileZilla\recentservers.xml
C:\\Users\Default.migrated\Desktop
C:\Users\FD1HVy\AppData\Local\Temp\VIYCWSGNGBBUKKLTBWYB\HDRTFJKRBSVBLCRDRRLQ.IHRI
C:\\Users\All Users\Documents\GTA San Andreas User Files\SAMP\USERDATA.DAT
C:\Windows\System32\VBoxService.exe
C:\\Users\All Users\Desktop
C:\\Users\Default\AppData\Roaming\FileZilla\sitemanager.xml
C:\\Users\Default\AppData\Roaming\discord\Local Storage\leveldb\
C:\\Users\Default.migrated\AppData\Roaming\.purple\accounts.xml
C:\\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles
C:\\Users\Default.migrated\Documents\GTA San Andreas User Files\SAMP\chatlog.txt
C:\\Users\Default.migrated\Documents\GTA San Andreas User Files\SAMP\USERDATA.DAT
C:\\Users\Default User\AppData\Local\Application Data
C:\\Users\All Users\Documents\GTA San Andreas User Files\SAMP\chatlog.txt
C:\\Users\FD1HVy\AppData\Local\Application Data
C:\\Users\FD1HVy\AppData\Local\NordVPN
C:\\Users\Default User\AppData\Local\History
C:\\Users\Default.migrated\AppData\Roaming\Psi+\profiles
C:\\Users\FD1HVy\AppData\Local\Adobe
C:\\Users\All Users\AppData\Local\NordVPN
C:\\Users\Public\AppData\Roaming\Psi\profiles
C:\\Users\Default User\Desktop
C:\\Users
C:\\Users\Default User\AppData\Roaming\Psi\profiles
C:\\Users\FD1HVy\AppData\Local\Google
C:\\Users\Default.migrated\AppData\Local
C:\\Users\FD1HVy\AppData\Roaming\Psi+\profiles
C:\Users\FD1HVy\Desktop\hpketi.exe
C:\\Users\Default.migrated\AppData\Roaming\FileZilla\recentservers.xml
C:\\Users\All Users\AppData\Roaming
C:\Users\FD1HVy\AppData\Local\Temp\VIYCWSGNGBBUKKLTBWYB
C:\\Users\Default User\AppData\Local
C:\\Users\Default\AppData\Roaming\Psi\profiles
C:\\Users\All Users\AppData\Roaming\Authy Desktop\Local Storage\leveldb
C:\\Users\All Users\AppData\Roaming\Psi+\profiles
C:\\Users\Default.migrated\AppData\Roaming
C:\\Users\Default.migrated\AppData\Roaming\Psi\profiles
C:\\Users\FD1HVy\AppData\Roaming\discord\Local Storage\leveldb\
C:\\Users\Default User\AppData\Roaming\Authy Desktop\Local Storage\leveldb
C:\\Users\Default\AppData\Local\NordVPN
C:\\Users\Default User
C:\\Users\Default\AppData\Roaming\Authy Desktop\Local Storage\leveldb
C:\\Users\Default User\Documents\GTA San Andreas User Files\SAMP\chatlog.txt
System Paging File
C:\\Users\Default User\AppData\Roaming\FileZilla\recentservers.xml
C:\\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\\Users\Public\AppData\Local\NordVPN
C:\\Users\FD1HVy\AppData\Roaming\FileZilla\sitemanager.xml
C:\\Users\Public\AppData\Roaming\discord\Local Storage\leveldb\
C:\\Users\Default User\AppData\Roaming\.purple\accounts.xml
C:\\Users\Default User\AppData\Local\NordVPN
C:\\Users\All Users
C:\\Users\Default User\AppData\Roaming\Mozilla\Firefox\Profiles
C:\\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\\Users\Default.migrated\AppData\Roaming\discord\Local Storage\leveldb\
C:\\Users\Public\Documents\GTA San Andreas User Files\SAMP\chatlog.txt
C:\\Users\Public\Documents\GTA San Andreas User Files\SAMP\USERDATA.DAT
C:\\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles
C:\\Users\Default\AppData\Local\Temporary Internet Files
C:\\Users\Default User\Documents\GTA San Andreas User Files\SAMP\USERDATA.DAT
C:\\Users\FD1HVy\AppData\Roaming\.purple\accounts.xml
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Local State
C:\\Users\All Users\AppData\Roaming\.purple\accounts.xml
C:\\Users\All Users\AppData\Local
C:\\Users\FD1HVy\Documents\GTA San Andreas User Files\SAMP\USERDATA.DAT
C:\\Users\Public\AppData\Roaming
C:\\Users\Public\AppData\Roaming\Mozilla\Firefox\Profiles
C:\Users\FD1HVy\AppData\Local\Temp\VIYCWSGNGBBUKKLTBWYB\VBQQQRFIODBPXNDESMP.GIGLXSTPIUTSJFBF
C:\\Users\FD1HVy\AppData\Local
C:\\Users\Public\AppData\Local
C:\\Users\Default\AppData\Local\Application Data
C:\\Users\Default\Desktop
C:\\Users\Default.migrated\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\\Users\FD1HVy\Desktop
C:\\Users\Public\AppData\Roaming\FileZilla\recentservers.xml
C:\\Users\Default\AppData\Local
C:\\Users\Default.migrated\AppData\Roaming\Authy Desktop\Local Storage\leveldb
C:\\Users\Default\Documents\GTA San Andreas User Files\SAMP\chatlog.txt
C:\\Users\Default\AppData\Roaming
C:\\Users\Default User\AppData\Roaming\discord\Local Storage\leveldb\
C:\\Users\FD1HVy\AppData\Roaming\FileZilla\recentservers.xml

MD5 hashes:
5437864c133f53e6a43fc8678fee8ca9
ada5680a5445bbeccc7af9bc4c29956e
5c2161fc7b16d12b45b3e53d56fad16a
b001dda3654ebe110f64ab44216eff00
f6a3a5fe94c9a42a22a72f4743e92105
164f4ab18544aae9d15a13d4515bd3dc
e3a002935a782f75c8ac7f3f0505d7f2

SHA1 hashes:
383ed41171772885ecedac3639de19c6d4024b57
5ec603207a726efa249b6ef575b2d03c64e928fd
06a317f3d6519cf226db3ab029a212293d318a1b
78c8d3bdd34ba554fd077b0a126f01c6e877b1ae
2ac43af00f530fa8e5e8ac1bf597aea35cb4a340
ea0f81c516115a35a378ac77ff9382a38aa0fe9d
7276342a8069ebe40c06d5ea8457b2bf44dd763d

SHA256 hashes:
037369299fe8f3e3755fd3d7b421ae7676b1d713d948a4bf02ac138aaea55748
cdad85eefaeee766286a12d8c4039c819a3515170da3070967a7f5198119b35a
754a1afe2db9a13bb6db16e43f3c420c861a5f49b54cafdad76679a0127ac7da
fcbf28e532103aee92e2e1d0ca8e96e7c1387fb6654566078362623a0c893129
ce3f2b9a2704436f72efab3a30a622ec89413a9e4c157c0408474dd4573c947c
8d44f6a178b4520892d4a43d71b0a148744c87a38e3a110be65a8ed36f49f8aa
912c041f1f45b8b817f94c84c15433a40463a8a56d6978cf08b7ed28996050a7

SSDEEP hashes:
96:Ze3Zht6YnMvqI738Hsa/NTIdEFaEdUDSuKn8Y/qBOnxjyWTJereWb3Ds4Blr:ZkZLHMEhTJMb3D
24576:VasS1al+WReLmks+uyqXLggfK4ICeBtRHQ5n7bf:rn0mLnXLggiZCd7r
12288:GhyP5uvW61ha4wwEgUxJwHIxqhynh99RkJM8234v8wPilfsjsetp:Ghtv1ha4wrgUxJwHI3n8M8BRPiTetp
48:T1L/ecVTgPOpEveoJZFrU1cQBAxPsuNfRlc9:FHSNDJAAvfbc
6:q39NqxtmsGXGT+QcpSrQMnIIQTUrmSz3gDVUk5GUnKtZKdE7xRPzL72RHNx3x2nH:U+xgs2GvTlngBUiBns0dcz2Hz387T
24:rid5UcYQ2yZTPaFpEvg3obNmQMOypv6UoF:+decYFgPOpEveoJNCoUc
24:LLUH0KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6FZW:Uz+JH3yJUheCVE9V8MX0PFlNU12ZW