General
-
Target
2faab8b22d14dd97d72730e486c036743b1cd987146438dbc6e32ecfddd84a68
-
Size
10.3MB
-
Sample
201115-787v7qes82
-
MD5
da27a5c1d9a98aff0dfac99dfe082706
-
SHA1
76b7addfd3472df3fc609debde21e296314aa97c
-
SHA256
2faab8b22d14dd97d72730e486c036743b1cd987146438dbc6e32ecfddd84a68
-
SHA512
448a55a95ab81a22f740bd2dd124c1f20df817016d5ca962513959cc0cc328cb9ea71cae4f0b22fe0688efe2b22342666a7899dfc4f0fec7ccb825fc12e2c500
Static task
static1
Behavioral task
behavioral1
Sample
2faab8b22d14dd97d72730e486c036743b1cd987146438dbc6e32ecfddd84a68.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
2faab8b22d14dd97d72730e486c036743b1cd987146438dbc6e32ecfddd84a68.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
2faab8b22d14dd97d72730e486c036743b1cd987146438dbc6e32ecfddd84a68
-
Size
10.3MB
-
MD5
da27a5c1d9a98aff0dfac99dfe082706
-
SHA1
76b7addfd3472df3fc609debde21e296314aa97c
-
SHA256
2faab8b22d14dd97d72730e486c036743b1cd987146438dbc6e32ecfddd84a68
-
SHA512
448a55a95ab81a22f740bd2dd124c1f20df817016d5ca962513959cc0cc328cb9ea71cae4f0b22fe0688efe2b22342666a7899dfc4f0fec7ccb825fc12e2c500
Score10/10-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Modifies service
-
Suspicious use of SetThreadContext
-