General
-
Target
2f9cac9ba8ff5c2387cb510b7e578b3b5c08dc0a73fb36876a8a6e57a7446af2
-
Size
11.8MB
-
Sample
201113-xxlf8qdwve
-
MD5
33cad99d88094a24ae8812e4456f1ab4
-
SHA1
4ae0d8fb7192e55442467acae41c924221fb7a08
-
SHA256
2f9cac9ba8ff5c2387cb510b7e578b3b5c08dc0a73fb36876a8a6e57a7446af2
-
SHA512
aa0141158f7f4e2e45d08517c54885b9dafc06ee2dc9fa3c458d13886be584ea80ee45f235582c724eae00f72bc289de0867fc8e0828cc85a5e6795a0523dc2e
Static task
static1
Behavioral task
behavioral1
Sample
2f9cac9ba8ff5c2387cb510b7e578b3b5c08dc0a73fb36876a8a6e57a7446af2.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
2f9cac9ba8ff5c2387cb510b7e578b3b5c08dc0a73fb36876a8a6e57a7446af2.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
2f9cac9ba8ff5c2387cb510b7e578b3b5c08dc0a73fb36876a8a6e57a7446af2
-
Size
11.8MB
-
MD5
33cad99d88094a24ae8812e4456f1ab4
-
SHA1
4ae0d8fb7192e55442467acae41c924221fb7a08
-
SHA256
2f9cac9ba8ff5c2387cb510b7e578b3b5c08dc0a73fb36876a8a6e57a7446af2
-
SHA512
aa0141158f7f4e2e45d08517c54885b9dafc06ee2dc9fa3c458d13886be584ea80ee45f235582c724eae00f72bc289de0867fc8e0828cc85a5e6795a0523dc2e
Score10/10-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Modifies service
-
Suspicious use of SetThreadContext
-