General
Target: a68fdcf20edd58c06346f6e88d7999a201d5e2592aa955e40645f363b253e150
Size: 11.9MB
Sample: 201115-s6yvjajjna
MD5: 8b67b5494864cc71ece704b8bb3fb2e8
SHA1: 3141e6c8be3b3b2891fb6cc5acd87b8dbddd0e7f
SHA256: a68fdcf20edd58c06346f6e88d7999a201d5e2592aa955e40645f363b253e150
SHA512: 4f7bfc5d1d6fa5f2403a9958e169c45d1c140bc955b3568e0df9bc6a436afbd49184ee6f64c98cd3107712fcd406ce6ddf84b3112c3203dbf3c883a72071f484
Static task: static1
Behavioral task: behavioral1
  Sample: a68fdcf20edd58c06346f6e88d7999a201d5e2592aa955e40645f363b253e150.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: a68fdcf20edd58c06346f6e88d7999a201d5e2592aa955e40645f363b253e150.exe
  Resource: win10v20201028
Malware Config
Targets
Target: a68fdcf20edd58c06346f6e88d7999a201d5e2592aa955e40645f363b253e150
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Modifies service
- Suspicious use of SetThreadContext