General
Target: 191f0b19b5e11dac84a8366d5aa12bf589e3952ee387d78da37b597e509cf76d
Size: 14.3MB
Sample: 201114-e8jj3y89s6
MD5: 3b94b0d0ed530d4399f2a01f3a2f663c
SHA1: 81caa4687ce7c88c6ae729c7e0cc97be63d13ed9
SHA256: 191f0b19b5e11dac84a8366d5aa12bf589e3952ee387d78da37b597e509cf76d
SHA512: cd40da59b612db3a34aff0995f90974f3d6e541734a8099a5774ecfe89786a7cd782ef2b1126aa9a5e8192e490ab46dbeb45d8bdb616c47f31ca7b7ff0c72f60
Static task: static1
Behavioral task: behavioral1
  Sample: 191f0b19b5e11dac84a8366d5aa12bf589e3952ee387d78da37b597e509cf76d.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 191f0b19b5e11dac84a8366d5aa12bf589e3952ee387d78da37b597e509cf76d.exe
  Resource: win10v20201028
Malware Config
Targets
Target: 191f0b19b5e11dac84a8366d5aa12bf589e3952ee387d78da37b597e509cf76d
Size: 14.3MB
MD5: 3b94b0d0ed530d4399f2a01f3a2f663c
SHA1: 81caa4687ce7c88c6ae729c7e0cc97be63d13ed9
SHA256: 191f0b19b5e11dac84a8366d5aa12bf589e3952ee387d78da37b597e509cf76d
SHA512: cd40da59b612db3a34aff0995f90974f3d6e541734a8099a5774ecfe89786a7cd782ef2b1126aa9a5e8192e490ab46dbeb45d8bdb616c47f31ca7b7ff0c72f60
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Modifies service
- Suspicious use of SetThreadContext