General
Target: fe8cb5b58a6e04b1877ba5d8f1c7b37fdc43a73ae8850daeea7eaefca2fad15b
Size: 13.2MB
Sample: 201115-5zsqkj2m1e
MD5: 32b51d4b10b95d049f96e329d77a87e0
SHA1: c7edc30d62b156fc407dc914a726a19b3108b2e3
SHA256: fe8cb5b58a6e04b1877ba5d8f1c7b37fdc43a73ae8850daeea7eaefca2fad15b
SHA512: 11408739911bcb93b75c909336fc88733c5702244efa62ae72d8f05276b80da69db362894620f81c323bfebbc0268028de1fe80c9dbf8c121fc598cdaf81a7c0
Static task: static1
Behavioral task: behavioral1
Sample: fe8cb5b58a6e04b1877ba5d8f1c7b37fdc43a73ae8850daeea7eaefca2fad15b.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: fe8cb5b58a6e04b1877ba5d8f1c7b37fdc43a73ae8850daeea7eaefca2fad15b.exe
Resource: win10v20201028
Malware Config
Targets
Score: 10/10
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory
Modifies service
Suspicious use of SetThreadContext