General
Target
fdae04b1d0b914d2b9dc91f1c96dac74307d9c0f47fe8fba253da9a939b0d6c8
Size
166KB
Sample
191212-wy8366z8n6
MD5
4fe7445b59795400c3bafeba1936476a
SHA1
4b49423d3d8e044936980ea4da80841426792a16
SHA256
fdae04b1d0b914d2b9dc91f1c96dac74307d9c0f47fe8fba253da9a939b0d6c8
SHA512
da440343cb4b20f3bb8ef66c856198f2e5348a8bdda56b760cfb5b5764f59252305a7a27f9d1e7e58280c3b8071308285be39ffd2c8c6aa6a0b9f897e49b1674
Malware Config
Extracted
http://acqua.solarcytec.com/rtsbgs/XiWmtYYur/
https://blog.learncy.net/wp-admin/user/oxZqQp/
http://hospitalsanrafael.ainimedina.com/wp-includes/vwf-i8ge-4445917/
https://sg771.kwikfunnels.com/phpmyadmin_bck/x9tfn-lv1h4-174129596/
http://www.siyinjichangjia.com/wp-content/WYszsP/
Targets
Score
8/10
Executes dropped EXE
Checks system information in the registry
System information is often read in order to detect sandboxing environments.