General
Target: Static.dll
Size: 351KB
Sample: 210225-q4n9vjptge
MD5: f83f57a080a7ae18947658684d275eb2
SHA1: a61d01fb106540fabe402e0cf462b8fb52f3a2fa
SHA256: 4b89b68ee6d537954ea5987106f6416665bb5dc641b14861b00414e67732588f
SHA512: 83dacd4d8ca99fdbf547db3c49ffbe8f30563730f72af3c2d32e1599ea68a5b617fff518c4d45c99ecf0c704f4e43ee6d7d6a5b796d879aab4850b8b408e009e
Static task: static1
Behavioral task: behavioral1
Sample: Static.dll
Resource: win7v20201028
Malware Config
Extracted
hancitor
2502_ser3402
http://speritentz.com/8/forum.php
http://afternearde.ru/8/forum.php
http://counivicop.ru/8/forum.php
Targets
Target: Static.dll
Score: 10/10

Blocklisted process makes network request

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext