General
-
Target
63b79b71cb84b6ebe5708776b4834ce9e103f24f58f9f1c7f867c60be020a676
-
Size
12.1MB
-
Sample
201113-ftjt6wkkxe
-
MD5
0ac0af0d8d5a45c4a2ff02c51a618f58
-
SHA1
222eb9c628d571d03f0a82ef5df961e066a8d8cd
-
SHA256
63b79b71cb84b6ebe5708776b4834ce9e103f24f58f9f1c7f867c60be020a676
-
SHA512
ff30925e35fb3388eaaa3a8953ea235c3baf51b6262e4c5f94d69830a92ccf62c9b2c2bcd2588737cb98d29283d114eb6f5cfd3cfcc11b24114f9c98c49c0437
Static task
static1
Behavioral task
behavioral1
Sample
63b79b71cb84b6ebe5708776b4834ce9e103f24f58f9f1c7f867c60be020a676.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
63b79b71cb84b6ebe5708776b4834ce9e103f24f58f9f1c7f867c60be020a676.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
63b79b71cb84b6ebe5708776b4834ce9e103f24f58f9f1c7f867c60be020a676
-
Size
12.1MB
-
MD5
0ac0af0d8d5a45c4a2ff02c51a618f58
-
SHA1
222eb9c628d571d03f0a82ef5df961e066a8d8cd
-
SHA256
63b79b71cb84b6ebe5708776b4834ce9e103f24f58f9f1c7f867c60be020a676
-
SHA512
ff30925e35fb3388eaaa3a8953ea235c3baf51b6262e4c5f94d69830a92ccf62c9b2c2bcd2588737cb98d29283d114eb6f5cfd3cfcc11b24114f9c98c49c0437
Score10/10-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Modifies service
-
Suspicious use of SetThreadContext
-