General
-
Target
ae00a627fd5f8258c7407fce21e7325475cf37605d0fafd1fa1fdd2912651dc1
-
Size
14.4MB
-
Sample
201115-6kftyzz82j
-
MD5
23d4e5ec1fc789bf9012da1ee2dac488
-
SHA1
35137488953d8baa146c0e8c739d9f6e3b81195a
-
SHA256
ae00a627fd5f8258c7407fce21e7325475cf37605d0fafd1fa1fdd2912651dc1
-
SHA512
396b9726a7e876cf09d9ccfacc869e77375513a7bbf9b2a7092d3ae2d394713fcbc14370f9a943c5b9496e294145aead4c9d5d2e1566ab76ca9472a6bc290e45
Static task
static1
Behavioral task
behavioral1
Sample
ae00a627fd5f8258c7407fce21e7325475cf37605d0fafd1fa1fdd2912651dc1.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
ae00a627fd5f8258c7407fce21e7325475cf37605d0fafd1fa1fdd2912651dc1.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
ae00a627fd5f8258c7407fce21e7325475cf37605d0fafd1fa1fdd2912651dc1
-
Size
14.4MB
-
MD5
23d4e5ec1fc789bf9012da1ee2dac488
-
SHA1
35137488953d8baa146c0e8c739d9f6e3b81195a
-
SHA256
ae00a627fd5f8258c7407fce21e7325475cf37605d0fafd1fa1fdd2912651dc1
-
SHA512
396b9726a7e876cf09d9ccfacc869e77375513a7bbf9b2a7092d3ae2d394713fcbc14370f9a943c5b9496e294145aead4c9d5d2e1566ab76ca9472a6bc290e45
Score10/10-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Modifies service
-
Suspicious use of SetThreadContext
-