General
-
Target
nlOiE.jpg
-
Size
745KB
-
Sample
210112-q7pndqt7qn
-
MD5
a20b49ae1d1200c84a0344f5ad3353dd
-
SHA1
3c4e0a61b36c90603d540d83471ab07efe330055
-
SHA256
2834d72111e621f895420cd798a08fd8da8371c1062eb0b9bbc7446d7212804e
-
SHA512
1e80bf08e024d86792c680cf12fc53c6e7fe52d1c1a02c990ce46cda410c4dab6840912b4894cd97f3cf74dfa401bd56eba43187f14fe1735c133fc6bea9f5da
Static task
static1
Behavioral task
behavioral1
Sample
nlOiE.jpg.ps1
Resource
win7v20201028
Behavioral task
behavioral2
Sample
nlOiE.jpg.ps1
Resource
win10v20201028
Malware Config
Targets
-
Target
nlOiE.jpg
-
Score
6/10
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-