General
Target: F8F7.exe
Size: 3.7MB
Sample: 210215-29gz8b7aes
MD5: 7b33b0d3b84d793f7659c3fdb1adfc75
SHA1: 997b3f37f038d3ffb711ff5e87baab4300b5c712
SHA256: 6c55fb2c4b1bffecc10e1386ef56497faccaa576e9cca0370073750a79f8d6d1
SHA512: 22937f263276ce17272769c7807f4978161de9df5e8486bcb925b719bbfc77ca9f93d68d4511be5c35affa42449b29d9df34b552919afb096d372740fd4daff6
Static task: static1
Behavioral task: behavioral1
Sample: F8F7.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: F8F7.exe
Resource: win10v20201028
Malware Config
Targets
Target: F8F7.exe
Score: 8/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.