General
Target: Secure_Viewer.exe_
Size: 1.4MB
Sample: 210311-aaatl3tt96
MD5: 0c09489446c609ba6893455661948ac7
SHA1: 46e09d46a00ea8f151b661db6332c83695b1cf90
SHA256: 4807f8fce08612cc316476fe34aa497188810fc10102c6c07bf18142655eb252
SHA512: 07f3211408bb75cb25bad4042e3246320b38cd1d30d77635c38f12687bd90ca5b2f8241883aae0a956a606186b3ec0945dd4ad36c3944c1126aae98f2402ae06
Static task: static1
Behavioral task: behavioral1
Sample: Secure_Viewer.exe_.exe
Resource: win7v20201028
Malware Config
Targets
Target
Secure_Viewer.exe_
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-