General
-
Target
Ui12Poakf.t0mp
-
Size
648KB
-
Sample
210216-vbe2x2bg6a
-
MD5
fce1d022cd3570459828982e6a101409
-
SHA1
9f63b7667627bf861e17f39c313b2849b0d4d1d1
-
SHA256
b1857c98c1d2ffec750c9f4b110cfa6f29289ad81bb2c622487f77eb98638288
-
SHA512
0b6a0ee8c3110f9c2610bce6d8d1315db17790469814e3f2c57406f217a4709f124be37541971100138d87d72af8ee22fbbf951709bbac3c6c5a59fe3f4b81b5
Static task
static1
Behavioral task
behavioral1
Sample
Ui12Poakf.t0mp.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Ui12Poakf.t0mp.dll
Resource
win10v20201028
Malware Config
Extracted
hancitor
1602_78210h
http://eviddinlahal.com/8/forum.php
http://saisepsdrablis.ru/8/forum.php
http://obvionsweyband.ru/8/forum.php
Targets
-
-
Target
Ui12Poakf.t0mp
-
Size
648KB
-
MD5
fce1d022cd3570459828982e6a101409
-
SHA1
9f63b7667627bf861e17f39c313b2849b0d4d1d1
-
SHA256
b1857c98c1d2ffec750c9f4b110cfa6f29289ad81bb2c622487f77eb98638288
-
SHA512
0b6a0ee8c3110f9c2610bce6d8d1315db17790469814e3f2c57406f217a4709f124be37541971100138d87d72af8ee22fbbf951709bbac3c6c5a59fe3f4b81b5
Score10/10-
Blocklisted process makes network request
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-