General
-
Target
966a87d872917014c21b46edb1333db28917aee49590a0352bd013d8d92399eb
-
Size
14.2MB
-
Sample
201114-b8alt6bj86
-
MD5
d26269fa962858fe075c28e3895c6fac
-
SHA1
6dde5882350af7e32dcd0d3ed4c725315ecf21fb
-
SHA256
966a87d872917014c21b46edb1333db28917aee49590a0352bd013d8d92399eb
-
SHA512
8bd6c990cd0b64a73032cf12e43eb1dc479c49263aa9228b7b6b6f6b588e9e9906bea02b00202370a25213166421a8a6fb674d2aca7be111bb6c3323d64496db
Static task
static1
Behavioral task
behavioral1
Sample
966a87d872917014c21b46edb1333db28917aee49590a0352bd013d8d92399eb.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
966a87d872917014c21b46edb1333db28917aee49590a0352bd013d8d92399eb.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
966a87d872917014c21b46edb1333db28917aee49590a0352bd013d8d92399eb
-
Size
14.2MB
-
MD5
d26269fa962858fe075c28e3895c6fac
-
SHA1
6dde5882350af7e32dcd0d3ed4c725315ecf21fb
-
SHA256
966a87d872917014c21b46edb1333db28917aee49590a0352bd013d8d92399eb
-
SHA512
8bd6c990cd0b64a73032cf12e43eb1dc479c49263aa9228b7b6b6f6b588e9e9906bea02b00202370a25213166421a8a6fb674d2aca7be111bb6c3323d64496db
Score10/10-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Modifies service
-
Suspicious use of SetThreadContext
-