Overview
overview: score 7
static: score 3
WinThruster/En.chm (windows7-x64): score 1
WinThruster/En.chm (windows10-2004-x64): score 1
WinThruste...ge.url (windows7-x64): score 6
WinThruste...ge.url (windows10-2004-x64): score 3
WinThruste...ns.exe (windows7-x64): score 7
WinThruste...ns.exe (windows10-2004-x64): score 7
WinThruste...er.exe (windows7-x64): score 7
WinThruste...er.exe (windows10-2004-x64): score 7
WinThruste...e3.dll (windows7-x64): score 3
WinThruste...e3.dll (windows10-2004-x64): score 3
WinThruste...00.exe (windows7-x64): score 7
WinThruste...00.exe (windows10-2004-x64): score 7
General
-
Target
b2f547ccd7c5b9990bf95ee054717a6e.bin
-
Size
7.1MB
-
Sample
240701-dpby7sxglq
-
MD5
b2f547ccd7c5b9990bf95ee054717a6e
-
SHA1
8c7c965c5a69f56b419834cdea0e5fa64447fb4a
-
SHA256
33668692ad696856f95471e2b2834d75ff6ab285fe1a5d9098d340362e127454
-
SHA512
9cee343b1ec132cb4fb3b0dd3889bc94186f22057e668a15c12aeb1c80e5d3ea598776805a5737e2f00626e35796517cde9141cde0b7b80fd0776900477d26c0
-
SSDEEP
196608:vZdmQFFxXJhg4Wps/D6YnSCT7Ucn2jzlpn0XEB34JOrMLij:v3vb9Jh8a/XSCT7vnkt0XEBoJefj
Static task: static1
Behavioral task behavioral1: sample WinThruster/En.chm, resource win7-20240508-en
Behavioral task behavioral2: sample WinThruster/En.chm, resource win10v2004-20240508-en
Behavioral task behavioral3: sample WinThruster/HomePage.url, resource win7-20240508-en
Behavioral task behavioral4: sample WinThruster/HomePage.url, resource win10v2004-20240508-en
Behavioral task behavioral5: sample WinThruster/WTNotifications.exe, resource win7-20240419-en
Behavioral task behavioral6: sample WinThruster/WTNotifications.exe, resource win10v2004-20240226-en
Behavioral task behavioral7: sample WinThruster/WinThruster.exe, resource win7-20240508-en
Behavioral task behavioral8: sample WinThruster/WinThruster.exe, resource win10v2004-20240508-en
Behavioral task behavioral9: sample WinThruster/sqlite3.dll, resource win7-20240508-en
Behavioral task behavioral10: sample WinThruster/sqlite3.dll, resource win10v2004-20240508-en
Behavioral task behavioral11: sample WinThruster/unins000.exe, resource win7-20240508-en
Behavioral task behavioral12: sample WinThruster/unins000.exe, resource win10v2004-20240508-en
Malware Config
Targets
-
-
Target
WinThruster/En.chm
-
Size
31KB
-
MD5
724cf2afeefd842a815669062aa16cb9
-
SHA1
3e2f911d81322f5eafe51a230b2b523880a185ec
-
SHA256
cd5713c1e3320de532c28b46b717fca625505022913b260ff0baf8bb89dd6e20
-
SHA512
16566d7140e6b9c18c9a828771db0dd1b92558d4e2f5b34e5c824f45c5114d614e943d021d801ec09f50572a7ece94cfb49f7b6a453f95331321005062221a89
-
SSDEEP
384:Gq9OmDIGVxnqo6UvYqBbmoZcKNbuOS1MX0jW6ciPZHRWcN/LxUkM8oJx+ob:GYSGVxqEjcKNiT1fW6p9Qc9jMnD+ob
-
Score
1/10
-
-
Target
WinThruster/HomePage.url
-
Size
65B
-
MD5
456529ff5b26d7914403289956523ee5
-
SHA1
ce17c42ba1c3aa90eacde992f33ac1654b3f7583
-
SHA256
74c7175c6d1ba8416f2784f0b33f8bc115bd01cd9cd8c170254f83798cc986e6
-
SHA512
9004567377137b2123dec4f6b18fee72fbf06d5566e41b0e8eb344b13b6d6e23c633c54598d26687bb4a19aabc30b877e69d53f35fab36ee4fb78b48b77d0387
-
-
-
Target
WinThruster/WTNotifications.exe
-
Size
5.0MB
-
MD5
345e6d136cfac7ac714b656edc79fbac
-
SHA1
fbe6652820b56b6bd60b3d9c4576d675bba9bb80
-
SHA256
7b651e5314f37d4549b32d8d31f2a5e1a8f7009a0586d6a18e2d6e89af409c17
-
SHA512
14eda77de0540d6733d65bbdcd9f784c0af839029db3e0cd4df82b47c4c5e65b6fac7f0d6f7e600b6672fe43cfcca4b8a770e96341c1db6d4e0bca68caf4c176
-
SSDEEP
98304:2ytMqwN4peTJrIrJ79BOL2v8lZwFRdpOJ9RD2Fp/p:k4kOELZ/ApOXRD2L/p
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
WinThruster/WinThruster.exe
-
Size
10.3MB
-
MD5
89b970cb172b86730c76c3df31551767
-
SHA1
0ae55b3a41e4fc1c3074dbb738065ac4cd2309e5
-
SHA256
7e97fe6c675e5842f38514056b2c3c7a928185f4dd2cdd97cd0d0ee4d5d319fd
-
SHA512
18b0416e3120e1554845153f988a5757e3d03605e729450f93393611566cbc6f904b9acae6ffabafdef673c2d1b4b77fb688f27ab7437eec5428fb48aad246ba
-
SSDEEP
98304:RDw3Ni9wMMTis0Vu2KKHGAmm3X+A3G8ZyUC3EQED2enKAcOe9z3eH4l40Mffh/b:G3Ni9zzFmmBgUUk9MOe9yObMXh/b
-
-
-
Target
WinThruster/sqlite3.dll
-
Size
1.1MB
-
MD5
fdf0245a035f89de1af8a2091258c9ac
-
SHA1
78536c09808a207f45e901f14de5b038aabaede3
-
SHA256
6120e410ff9e5cad41b47cd5fcb23cc3f8bd8f505a86e158c578e15869489367
-
SHA512
4bd214bc4dbd749a429e1753c59c395344607884e20cfa3e1c0dde655e2c6c1e49ab5388e70112e83c7c71b005a985019e39bb00c1e5c1b8e90b5a3d6219e1c3
-
SSDEEP
24576:co0tp6E0MfgukNyOyf9OWCkdKkuyvrpSmgfWCpg7:co2ttkwBf9OFkskuyvrprF
-
Score
3/10
-
-
Target
WinThruster/unins000.exe
-
Size
3.1MB
-
MD5
b0e00a066ca1d50cd7e20e89ae392070
-
SHA1
ca272060ab5cce765849e482f663d2d6d14cb8e9
-
SHA256
23ac412357b91ca18622d1e10762ef4aa6f056711bafd01f7ee5b989a2d1f599
-
SHA512
507026af984db33ab06477d17634bf9eb120c340e02049a9908380d175a77051e4c483f605b1015eea5f15a8808ab9b477f2e76f834272c346d0abb535e756ee
-
SSDEEP
49152:aEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTVM3338O:q92bz2Eb6pd7B6bAGx7C333T
-
Score
7/10
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-