General
-
Target
5d91a29ea526e4630883fd17a5e43f9b.exe
-
Size
31KB
-
Sample
201117-zjj86g3ypa
-
MD5
5d91a29ea526e4630883fd17a5e43f9b
-
SHA1
6615060efc5b5d439a6ac0246d9668c797e98692
-
SHA256
a86bc10b92d0cdefbbcb2e58ea78b165ff8983599356ceb81311f92c759bf36f
-
SHA512
329bd44f37812a54b468fdb06665aa93bf434aa4f5f1c6dbb68c1f86a5e3bd900929387407edbd6ed6ba6c148fff0136113be4fa11fb08431dedd6be817ac7c1
Static task
static1
Behavioral task
behavioral1
Sample
5d91a29ea526e4630883fd17a5e43f9b.exe
Resource
win7v20201028
Malware Config
Targets
Target
5d91a29ea526e4630883fd17a5e43f9b.exe
-
Phorphiex Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-