General
Target: msals.dll
Size: 210KB
Sample: 210318-bqp5ka4jla
MD5: 180f00447097c0a22248bd0f8499c1f8
SHA1: 7a53bf2baadc6ae47b4ee7e2bd2c1d9e480f349f
SHA256: 008cef736fa8dd4458ceff73a8cdfcb0e2deb1ab4534fcae9f196b6577723121
SHA512: 84c465ebfb46df7d94cdf2f9ef50277ce9ead99bb5f843c4cae9ab9b5f43c1a9326e25d7c998d46b69b0fb46855c4af1879eed133e75d25ab5c3c4ffdd9d04a4
Static task: static1
Behavioral task: behavioral1
Sample: msals.dll
Resource: win7v20201028
Behavioral task: behavioral2
Sample: msals.dll
Resource: win10v20201028
Malware Config
Extracted
hancitor
1503_kin1
http://froursmonesed.com/8/forum.php
http://abouniteta.ru/8/forum.php
http://diverbsez.ru/8/forum.php
Targets
Target: msals.dll
Score: 10/10
Blocklisted process makes network request
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext