General
-
Target
38ff1ccc229dd0ee592d9bd47c4ec4fbcc418fb385d7dea4bd72d1120651cb7d
-
Size
11.3MB
-
Sample
201112-w745d8hb22
-
MD5
9c19fce163a1ae66e4be70fd7dfc003a
-
SHA1
22c4f9f5c37574df08d676ff9cab6f50b7c01321
-
SHA256
38ff1ccc229dd0ee592d9bd47c4ec4fbcc418fb385d7dea4bd72d1120651cb7d
-
SHA512
03392ceb68aca7832a903a3c00977c6b6e33f531112c1b7b6a5b6ff46ca9272f0b6e3235682d3ad64be4aa02657f70d6cf0469789162157f35f499a96481337a
Static task
static1
Behavioral task
behavioral1
Sample
38ff1ccc229dd0ee592d9bd47c4ec4fbcc418fb385d7dea4bd72d1120651cb7d.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
38ff1ccc229dd0ee592d9bd47c4ec4fbcc418fb385d7dea4bd72d1120651cb7d.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
38ff1ccc229dd0ee592d9bd47c4ec4fbcc418fb385d7dea4bd72d1120651cb7d
-
Size
11.3MB
-
MD5
9c19fce163a1ae66e4be70fd7dfc003a
-
SHA1
22c4f9f5c37574df08d676ff9cab6f50b7c01321
-
SHA256
38ff1ccc229dd0ee592d9bd47c4ec4fbcc418fb385d7dea4bd72d1120651cb7d
-
SHA512
03392ceb68aca7832a903a3c00977c6b6e33f531112c1b7b6a5b6ff46ca9272f0b6e3235682d3ad64be4aa02657f70d6cf0469789162157f35f499a96481337a
Score10/10-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Modifies service
-
Suspicious use of SetThreadContext
-