Sample File:
MD5 hash: 09ffa95859a2dd8324b57e56afef92e4
SHA1 hash: d40d01d3d562931777afd593daa0245debde7367
SHA256 hash: e5d828de929e401ba528c5a6d85c2cc7fe5897a67b73c23556ee04a392df3971
SSDEEP hash: 12288:8rht1AiDpliAAIZ2zmznLFl53XWCyjSKA/l8gdXFQC8pxUsF9:8rhJF9AIZ9zLFl1e6Fr8pxU
Filename(s): 2367.exe
Filetype: Windows Exe (x86-32)

Mutex IOCs:
  {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}

Registry Key IOCs:
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SysHelper

Domain IOCs:
  api.2ip.ua
  qpao.top

IP IOCs:
  77.123.139.190
  46.173.214.122

URL IOCs:
  http://qpao.top/nddddhsspen6/get.php?pid=8B84840859871A34BC38274344487A39&first=true
  http://qpao.top/files/penelop/updatewin1.exe
  http://qpao.top/files/penelop/updatewin2.exe
  http://qpao.top/files/penelop/updatewin.exe
  http://qpao.top/files/penelop/3.exe
  http://qpao.top/files/penelop/4.exe
  http://qpao.top/files/penelop/5.exe
  https://api.2ip.ua/geo.json

File IOCs:
Filenames:
  C:\SystemID
  C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\68fff198-b032-4cc5-9a68-f439953f0783\5.exe
  C:\SystemID\PersonalID.txt
  C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\68fff198-b032-4cc5-9a68-f439953f0783\updatewin1.exe
  authroot.stl
  I:\5d2860c89d774.jpg
  C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\68fff198-b032-4cc5-9a68-f439953f0783
  C:\Windows\System32\drivers\etc\hosts
  C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\script.ps1
  C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2367.exe
  C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\bowsakkdestx.txt
  C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\68fff198-b032-4cc5-9a68-f439953f0783\updatewin2.exe
  C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\1e0f3478-f5c6-4d34-8528-dedd9dcd2df7