General
-
Target
2c73be6b374db37dd28a204f49d78a61ebcc678a9164828b9f01e50e06ece3cb
-
Size
534KB
-
Sample
210302-gpqnjgn76x
-
MD5
fda53610c25408e427c84eebdc5b8ec2
-
SHA1
13830e44fb35c5f6d4750abd620ecb4df85e7a6a
-
SHA256
2c73be6b374db37dd28a204f49d78a61ebcc678a9164828b9f01e50e06ece3cb
-
SHA512
617b6fb67057c7207cbe9f73be85b6f4d9d69462aee9b526a1bea085d1c101f7ff9da98da6a0e266bd49cafc41c0cdb741453bc76e9c09011bf4f1ec446f52e7
Static task
static1
Behavioral task
behavioral1
Sample
2c73be6b374db37dd28a204f49d78a61ebcc678a9164828b9f01e50e06ece3cb.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
2c73be6b374db37dd28a204f49d78a61ebcc678a9164828b9f01e50e06ece3cb
-
Size
534KB
-
MD5
fda53610c25408e427c84eebdc5b8ec2
-
SHA1
13830e44fb35c5f6d4750abd620ecb4df85e7a6a
-
SHA256
2c73be6b374db37dd28a204f49d78a61ebcc678a9164828b9f01e50e06ece3cb
-
SHA512
617b6fb67057c7207cbe9f73be85b6f4d9d69462aee9b526a1bea085d1c101f7ff9da98da6a0e266bd49cafc41c0cdb741453bc76e9c09011bf4f1ec446f52e7
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-