General
Target: updatechannel4.exe
Size: 13KB
Sample: 210405-7mtzl3wsfn
MD5: 8e9df5d267e02aee6e6e2427fa2e2454
SHA1: b125acffe65fdb28960f5bac489e899b910659f5
SHA256: 937d2620a998f635ee40359f9a401a6c1c3c22600a6e78c8f8a760ea67d16553
SHA512: a72336565a6a48cfbad2ceb12fad89889e1f3e9e06a5ba5cb5a0c79abd960f48c2c81806a82c909cd6cda94cc6326ce0e5747e530fb4ab63a7827f9160a83a72
Static task: static1
Behavioral task: behavioral1
  Sample: updatechannel4.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: updatechannel4.exe
  Resource: win10v20201028
Malware Config
Extracted family: raccoon
Config ID: 3d7990f080e9dcb56104447e3789dec4380efc8b
url4cnc: https://telete.in/jvadikkamushkin
Targets
Target: updatechannel4.exe
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2