General
-
Target
61a70fdae6040d08c4f66f5d5ba95aba1987cda5e4715903696c3139a33d8e05
-
Size
9.9MB
-
Sample
210302-cspjygawj2
-
MD5
37dd37036261a48f03938339d7990506
-
SHA1
e34be4878b38bc4ca11162eef0430bb776da8795
-
SHA256
61a70fdae6040d08c4f66f5d5ba95aba1987cda5e4715903696c3139a33d8e05
-
SHA512
b6570cf2a7af265a195f355dcaac93e751bcef00dff9cd3d25a3213a6ce500c3d9275138d007acc4f50125aedd063c96dc03dfb728aab890aacefdc5a687c0a4
Static task
static1
Behavioral task
behavioral1
Sample
61a70fdae6040d08c4f66f5d5ba95aba1987cda5e4715903696c3139a33d8e05.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
61a70fdae6040d08c4f66f5d5ba95aba1987cda5e4715903696c3139a33d8e05.exe
Resource
win10v20201028
Malware Config
Targets
Target
61a70fdae6040d08c4f66f5d5ba95aba1987cda5e4715903696c3139a33d8e05
Score
8/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-