THREAT IDENTIFICATION:  AVEMARIA STEALER

SUBJECTS OBSERVED
NEW ORDER 2022-0231

SENDERS OBSERVED
fatura@zhangxinint.shop

ZIP FILE HASH
isarity.zip
ba3f05ffa78da8e3c9b055f36b27bb13

EXE FILE HASH
isarity.exe
1b4060289c038aea99dbd67a896d6261

Renamed and copied to: \AppData\Roaming
papapa.exe
1b4060289c038aea99dbd67a896d6261

ADDITIONAL DROPPED FILES
papapq.exe
0e362e7005823d0bec3719b902ed6d62

AVE MARIA C2
kashbilly.duckdns.org:5050
109.206.241.77:5050

ADDITIONAL STRINGS IN MEMORY
Ave_Maria Stealer OpenSource github Link: https://github.com/syohex/java-simple-mine-sweeper

SUPPORTING EVIDENCE
https://tria.ge/220823-m1ph4sgch6