General
Target: 1b0010a96b91f0095afecaa9b873255808297d7e5a156773f69136a12138639a
Size: 12.6MB
Sample: 201115-a6rdmrb966
MD5: 16545f182e30d00281716f297e67d50f
SHA1: 19658aaee010ff6cd78896a8bf555cb559f10379
SHA256: 1b0010a96b91f0095afecaa9b873255808297d7e5a156773f69136a12138639a
SHA512: fe4466a14aeec1acaf23d9f0a12bb92ea015d80b04fe623d11f4a19e818782696ab41455a47fbce3837923cd8f463b623527a75a916a726dbd79d8d0e8c0976b

Static task: static1

Behavioral task: behavioral1
Sample: 1b0010a96b91f0095afecaa9b873255808297d7e5a156773f69136a12138639a.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 1b0010a96b91f0095afecaa9b873255808297d7e5a156773f69136a12138639a.exe
Resource: win10v20201028

Malware Config

Targets
Target: 1b0010a96b91f0095afecaa9b873255808297d7e5a156773f69136a12138639a
Score: 10/10

- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Modifies service
- Suspicious use of SetThreadContext