Sample File:
  MD5 hash:    44a78e41f2d6dbd375d286ccdc5e0e16
  SHA1 hash:   46170cbc7f0f4944fc34b9cfee3372ecaecea934
  SHA256 hash: ee74eb7977f2c0d99ebfb20db94e100493f86cb1221dc535b8f2ae3cdc4fd1ef
  SSDEEP hash: 1536:A7Kah+sSnBrrJ9RATH7+zc2XwRvBQ3M2mhEkFMdgoCztcBBTOqcInbCU:A7fh+rObnKbkSCxcBBORIL
  Filename(s): Tr0MJ09gRmWhPOHs.exe
  Filetype:    Windows Exe (x86-32)

Mutex IOCs:
  - None -

Registry Key IOCs:
  HKEY_CURRENT_USER\Software\Embarcadero\Locales
  HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales
  HKEY_CURRENT_USER\Software\CodeGear\Locales
  HKEY_LOCAL_MACHINE\Software\CodeGear\Locales
  HKEY_CURRENT_USER\Software\Borland\Locales
  HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
  HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun

  Note: the Embarcadero, CodeGear and Borland "Locales" keys are queried by the
  Delphi / C++Builder runtime at process start and identify the build toolchain,
  not attacker-specific behaviour. The "Command Processor" keys and the
  Policies\Microsoft\Windows\System key (DisableCMD policy) are read by cmd.exe
  when it starts, which is consistent with the SysWOW64\cmd.exe and
  Temp\CAS5AY8X.bat entries in the file IOCs below. Treat these registry reads
  as low-fidelity indicators; the file hashes are the reliable ones.

Domain IOCs:
  - None -

IP IOCs:
  - None -

URL IOCs:
  - None -

File IOCs:
  Filenames:
    C:\Users\5p5NrGJn0jS HALPmcxz\Downloads
    C:\Users\5P5NRG~1\AppData\Local\Temp\CAS5AY8X.bat
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2894.XL
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\16132.XL
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\13768.XL
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\29302.XL
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\10354.XL
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1037.XL
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9130.XL
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Tr0MJ09gRmWhPOHs.exe
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4542.XL
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11484.XL
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\31726.XL
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\21278.XL
    C:\Users\5P5NRG~1\AppData\Local\Temp
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Links
    C:\Windows\SysWOW64\cmd.exe
    C:\Users\5p5NrGJn0jS HALPmcxz
    "C:\Users\5P5NRG~1\AppData\Local\Temp\CAS5AY8X.bat"
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\20835.XL

  Wildcard patterns (listed among the filenames by the sandbox):
    *.gif
    *.mp4
    *.jpg
    *.pdf
    *.mp3
    *.png

  MD5 hashes (the last entry in each list below is the sample itself):
    a5feca10fd49c42a878ec3b4da492dcc
    f6a77ca9cb81e5f6ce521ec071efb467
    c3baba2c33f8478e9b5f557ee7c4942f
    71db729a5e9431cf400e4e57de4d2ade
    20c70bba76f5cd6828b54a4994d3b8a6
    4bed9be6210389dcba03d9e433f145ac
    6868ef4ed1449ace515f8b831b621b13
    e951b35c3e438a82ba36dc78a4266c10
    d9379f51bfaf94d51aa7c2e40bc1dc7c
    34b54ed3e0661b6bbfcac320a613dcdc
    d0f0b4ed5302cbe26cfff6128b4b3318
    5362096f44602cedbb402ae97da9d685
    00161ce2a97d687b265dd1c407a1ca30
    44a78e41f2d6dbd375d286ccdc5e0e16

  SHA1 hashes:
    b85a7a6d35fb78b8008a775d1c714354659aee04
    56d5eb5153284f34390dbb5d71373cb78298a00d
    46170cbc7f0f4944fc34b9cfee3372ecaecea934
    dacb86087154fce98ffa8664b9ffeeac5ec4c4ea
    90c3d9af31c3f38b18d3477457d05c7de614a5d8
    af1d6abea417722ec842778a4cda49a2f9a5e51c
    10b412e7866024b7b485659d3d87dfdf3ab944d4
    7450d36e39c85d9c252590561ab5bd8a27c30011
    54747db29df00cc6481ba72976cc0098b7171048
    13e4a1904ac26d633d17d2cfc00a9677226893f0
    9cd4e307768de2638a897b4c147779a1a4f3fa7d
    5bb2e0bf9d929b3dfe27ebce1f4f607579b4777c
    b25fb44ee9f933e34d4202860eaf4e548f47015a
    c33bca9f1eaf049fa38a104ce90907833e2e1f80

  SHA256 hashes:
    563d2eb84678a40234eb8539283b6f4f0a4444b2bb3695db8ecfd1ffcbed0b79
    2bbedaa465527bc564267a01c052f95f79a0617777f593cec6dba77a7b9fc78c
    7d99340f5d925fd28ce02c4333ecd17f10c86c86c517f7451ce82a6cc3c288c0
    d91ca34253d1ad7c6b6e8e3b0500cf34cef2f8a5159ca551982a444f6ec2c69b
    67dc4aa4ebf56df58b66abd414d921bb5f11bc13829702e42a3c1b647817b28a
    34a003e4ebc38ce924619857c24f75c34615cff22c2253a47fadec5a0fa1cd5e
    374458a0c4686b911cacb18bd7ffb04e0ab8d87fecf90a8e647d9ad842b5d328
    b67d79cc65c362e036d6d7b8c17b996414a5c91aa05577978c6dd4d19b306331
    55f87206762e4da7983bfe35131f6e7f3ed279ae9ef42f611cc5b7138be29178
    41c34dd4790d2f2c0bd1ffb836a4de840ac3c504194c8e492dfb88ab77e97974
    dab1e7f27e4d127e83db91e244fdab7197d32ca4f734c07471a49799da02f115
    f354cde5b72ae04aa896c3af4f77b08880857c944333c14b80f22f89deb70425
    6a3fce8924b8b736a0b92350fd37a96e4d09a5b9e883dce643d77f03a2d8b0de
    ee74eb7977f2c0d99ebfb20db94e100493f86cb1221dc535b8f2ae3cdc4fd1ef

  SSDEEP hashes:
    1536:uc6EYfwtrD5w7H/jqxiNheWFoJVeC2hwZ1oxsSdwAq/NgDkSqHrCf1:uciotCT+QnFo6VGDZ3RuDSHrM
    768:EJiymjsbc3qYxq6ZOse1yoqGmiQDWMrRvkVMKg:oiBjsbc6YIyCMoqGMWbVK
    192:1RawI6hUQ6nBPo60E8+ZsBoN2585MGkSipQlOCvCefFFt1:15hUVBPl0HX585MdSBlOCZPt1
    384:Y+8DuwIojF5SPqK+STYc9vjrZIJi6xbP8QzL00uU6rKx/n:YbD1IGSPQWf9vHj+Emvkr2
    1536:I0riPhwS343OxfWu0WlT9RA8s0mI4vuozxPuwlNFETIbfufLLixtr4bZpCJKU8ZZ:zghwS343OZesT9Q3DuoJuMyxv0Qvvf
    1536:LNkePrZ8v2iO07ocI+Ew50UmJPnlB1QNqwSxEqQCg/cGaDd6FmWVY/5J:LjCO/O550UmVFkdSxzQhUr/W63
    96:lvNnplCY5V9vNZxdCY5OvN3TDCY5NMS5cmzp5UJMS5cmzp6EdEhODwNafM4bbQjt:HplCCTdC/DDCb4EdEhODwNafM4b81
    192:6SVcHdePE0XH+pFmlYirj5p8COLRVBKPFVs8AE9jRWJvOcTkmmkmsEm7p0xo9Opv:eHd2XHe2YrvfCxdWJvOUm7Xm7uoiXeE
    384:wOl8k3QMQw2MWjJgavE2TC26W/HvYCHyoYOtNpVbu:O4Uw2MqGCTzlSohtNzbu
    768:14CBW/R4Q33sBRn2HiKNZjXfWuaMcQ3GD:W+0szQNZjXfWuZcGGD
    1536:qWu7VT0l3LQAuZXBYIPKibVU+TgUgsbl4og0JCu31WWd65ApmR+pK8mS1p6N:eo30Au1pPK+Fblvg0JH31WL6i
    768:RSxfMrKcCQcOzAluG6ANRubeK00By2qH5Zns1HLhyDyC1TFrwP9FTv1y/WCC/7:RZeQbTxwRubeGqHXWHMyC1TFrwP7SCD
    1536:A7Kah+sSnBrrJ9RATH7+zc2XwRvBQ3M2mhEkFMdgoCztcBBTOqcInbCU:A7fh+rObnKbkSCxcBBORIL
    96:8d8bY/XyIeFz12NmnBDIbo6v0LZEQVhXsWRkVNzz1UhTvy7afgV0FalQp:FbYmFhu4mo80SwBRkNzzehYfKaY
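The hash lists above are only useful if something on the host actually checks them. The script below is an added example and not part of this sandbox report: it embeds the report's MD5 and SHA256 sets, hashes every file under a directory in streaming fashion, and returns the files whose digest appears in either set. The demo() function writes a constructed placeholder file (benign content, the report's filename only) and adds that placeholder's MD5 to the IOC set so the match path can be exercised without any real sample on disk. Function names, the chunk size and the placeholder contents are this example's own choices.

```python
"""Added example (not part of the sandbox report): match files on disk against
the report's hash IOCs. The MD5/SHA256 sets are copied from the report; the
file written by demo() is constructed here and is not the analysed sample."""
import hashlib
import io
import os
import tempfile

# MD5 hashes from the report's "File IOCs" section (last entry is the sample itself).
IOC_MD5 = {
    "a5feca10fd49c42a878ec3b4da492dcc", "f6a77ca9cb81e5f6ce521ec071efb467",
    "c3baba2c33f8478e9b5f557ee7c4942f", "71db729a5e9431cf400e4e57de4d2ade",
    "20c70bba76f5cd6828b54a4994d3b8a6", "4bed9be6210389dcba03d9e433f145ac",
    "6868ef4ed1449ace515f8b831b621b13", "e951b35c3e438a82ba36dc78a4266c10",
    "d9379f51bfaf94d51aa7c2e40bc1dc7c", "34b54ed3e0661b6bbfcac320a613dcdc",
    "d0f0b4ed5302cbe26cfff6128b4b3318", "5362096f44602cedbb402ae97da9d685",
    "00161ce2a97d687b265dd1c407a1ca30", "44a78e41f2d6dbd375d286ccdc5e0e16",
}
# SHA256 hashes from the same section (the SHA1 list can be added the same way).
IOC_SHA256 = {
    "563d2eb84678a40234eb8539283b6f4f0a4444b2bb3695db8ecfd1ffcbed0b79",
    "2bbedaa465527bc564267a01c052f95f79a0617777f593cec6dba77a7b9fc78c",
    "7d99340f5d925fd28ce02c4333ecd17f10c86c86c517f7451ce82a6cc3c288c0",
    "d91ca34253d1ad7c6b6e8e3b0500cf34cef2f8a5159ca551982a444f6ec2c69b",
    "67dc4aa4ebf56df58b66abd414d921bb5f11bc13829702e42a3c1b647817b28a",
    "34a003e4ebc38ce924619857c24f75c34615cff22c2253a47fadec5a0fa1cd5e",
    "374458a0c4686b911cacb18bd7ffb04e0ab8d87fecf90a8e647d9ad842b5d328",
    "b67d79cc65c362e036d6d7b8c17b996414a5c91aa05577978c6dd4d19b306331",
    "55f87206762e4da7983bfe35131f6e7f3ed279ae9ef42f611cc5b7138be29178",
    "41c34dd4790d2f2c0bd1ffb836a4de840ac3c504194c8e492dfb88ab77e97974",
    "dab1e7f27e4d127e83db91e244fdab7197d32ca4f734c07471a49799da02f115",
    "f354cde5b72ae04aa896c3af4f77b08880857c944333c14b80f22f89deb70425",
    "6a3fce8924b8b736a0b92350fd37a96e4d09a5b9e883dce643d77f03a2d8b0de",
    "ee74eb7977f2c0d99ebfb20db94e100493f86cb1221dc535b8f2ae3cdc4fd1ef",
}

CHUNK_SIZE = 1 << 20  # hash in 1 MiB chunks so large files never sit in memory whole


def hash_stream(stream):
    """Return {'md5': hex, 'sha256': hex} for a readable binary stream."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for chunk in iter(lambda: stream.read(CHUNK_SIZE), b""):
        md5.update(chunk)
        sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def hash_bytes(data):
    """Digests of an in-memory byte string (carved buffers, test vectors)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def match_iocs(digests, md5_set=IOC_MD5, sha256_set=IOC_SHA256):
    """List the algorithms whose digest appears in the IOC sets ([] if none)."""
    hits = []
    if digests["md5"].lower() in md5_set:
        hits.append("md5")
    if digests["sha256"].lower() in sha256_set:
        hits.append("sha256")
    return hits


def scan_directory(root, md5_set=IOC_MD5, sha256_set=IOC_SHA256):
    """Walk root; return {path: [matching algorithms]} for every file that hits an IOC."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # locked or unreadable files are skipped, not fatal
            hits = match_iocs(digests, md5_set, sha256_set)
            if hits:
                findings[path] = hits
    return findings


def demo():
    """Constructed demo: a benign placeholder whose MD5 is added to the IOC set,
    so the match path runs without any real sample on disk."""
    tmp = tempfile.mkdtemp()
    placeholder = os.path.join(tmp, "Tr0MJ09gRmWhPOHs.exe")  # report's name, benign bytes
    with open(placeholder, "wb") as fh:
        fh.write(b"constructed placeholder, not the real sample\n")
    with open(os.path.join(tmp, "unrelated.txt"), "wb") as fh:
        fh.write(b"should not match anything\n")
    extended_md5 = IOC_MD5 | {hash_file(placeholder)["md5"]}
    return scan_directory(tmp, md5_set=extended_md5), placeholder


if __name__ == "__main__":
    for path, algs in demo()[0].items():
        print(f"IOC hit ({', '.join(algs)}): {path}")
```

Point scan_directory() at a user profile or a mounted image to sweep it; hashing every file once and comparing against all algorithms at the same time avoids re-reading large files per hash type, and unreadable files are skipped rather than aborting the sweep.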