General
Target: 6bb71d8bf32cceef6a431136e0c965aa905c45c240b40bb20aa6fb6f661300f3.zip
Size: 481KB
Sample: 210404-pe8qwwv14x
MD5: ba76e79a083fa07e8fed1a7c650ae21d
SHA1: bfd2dcdb58052ac06f57842e1a3c0e6229722c4b
SHA256: 93f2dc37243ae1365ee519eaa6042aa5762e5e18fef8cb7e4bc7b657525c6895
SHA512: 58d91a127f5a56f20686e6f6ad0f810335a88683f079c77057629adf15796953a1a757bc48ad76ffbfe2c63428ad062c8c70a8d145d0cb6ac1aafaa5d537a25e

Static task: static1

Behavioral task: behavioral1
Sample: 6bb71d8bf32cceef6a431136e0c965aa905c45c240b40bb20aa6fb6f661300f3.js
Resource: win7v20201028

Malware Config

Targets
Target: 6bb71d8bf32cceef6a431136e0c965aa905c45c240b40bb20aa6fb6f661300f3.js
Size: 2.5MB
MD5: d7445ce4be501700003a79023147e9b9
SHA1: 2d80ceba1af9a16ef2b8186c5f46a19e984837f3
SHA256: 6bb71d8bf32cceef6a431136e0c965aa905c45c240b40bb20aa6fb6f661300f3
SHA512: 61d1c6d20b793b3f47143db918b66f8968cb43b0f5aee20d73ce009e6c2f924336a7f58b10ba631bff164371a9e80787ae3ac50caaa1943b57750b788db3ddc2

- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Suspicious use of SetThreadContext