General
-
Target
24471b9e69843627ca1f88afefe3717d9cdbb92a1e55102b51d12d9a3388191d
-
Size
11.5MB
-
Sample
201115-9gh1ajp1ns
-
MD5
f5798b53c6d1bbc353d1392290fb820b
-
SHA1
177dcf9893e497e484751bcb8724b941e41f1624
-
SHA256
24471b9e69843627ca1f88afefe3717d9cdbb92a1e55102b51d12d9a3388191d
-
SHA512
6b2d3e612351882627267458a5dfef0daec991fdd064950df21aa977336271e8377487688af8c213df932899b40f021f4339d715ca05276d14fba68a8f4397d0
Static task
static1
Behavioral task
behavioral1
Sample
24471b9e69843627ca1f88afefe3717d9cdbb92a1e55102b51d12d9a3388191d.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
24471b9e69843627ca1f88afefe3717d9cdbb92a1e55102b51d12d9a3388191d.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
24471b9e69843627ca1f88afefe3717d9cdbb92a1e55102b51d12d9a3388191d
-
Size
11.5MB
-
MD5
f5798b53c6d1bbc353d1392290fb820b
-
SHA1
177dcf9893e497e484751bcb8724b941e41f1624
-
SHA256
24471b9e69843627ca1f88afefe3717d9cdbb92a1e55102b51d12d9a3388191d
-
SHA512
6b2d3e612351882627267458a5dfef0daec991fdd064950df21aa977336271e8377487688af8c213df932899b40f021f4339d715ca05276d14fba68a8f4397d0
Score10/10-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Modifies service
-
Suspicious use of SetThreadContext
-