General
Target: 51f9ec34c7094e6baaf3ee4a0d1bf9f4.exe
Size: 505KB
Sample: 210413-8drjfxq1es
MD5: 51f9ec34c7094e6baaf3ee4a0d1bf9f4
SHA1: b94cf497d51f6bcd3b26640514a9ecea2e72ad5d
SHA256: c30de5a8c243dcee3ad3f971985ac2608c6678dd0e0869296f64243c5178f85e
SHA512: beb10eb881b801e2fd6e3315225a313c3e28870a437fca062c758e8be32a8eb732f80b3c25d0b7a1956d270d6eca41ddabffcc1e2f150a7a5e9f7e6fafb5c6d7
Static task: static1
Behavioral task: behavioral1
Sample: 51f9ec34c7094e6baaf3ee4a0d1bf9f4.exe
Resource: win7v20210408
Malware Config
Extracted (FTP credentials)
Protocol: ftp
Host: 213.252.244.165
Port: 21
Username: user
Password: aiojdjinfbSDFGOJNI2346IJNOFGBIKJ
Extracted (family: raccoon)
f6a4646c17af7db77b0a5aba1906d97ffcdd34ed
url4cnc: https://telete.in/jdiamond13 (the Telegram channel page from which Raccoon resolves its C2 address; telete.in is a public Telegram web mirror)
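The extracted configuration above is the part of a sandbox report a responder turns into detections. As an added example (not code from the report or from the sandbox vendor), the following Python parses the flattened key/value lines into structured IOCs, checks that every hash has the length its algorithm implies, and emits Suricata rules for the FTP endpoint and the url4cnc host. The report excerpt embedded in the script is a constructed copy of this page's lines; the rule SIDs, rule messages and function names are choices made here, not anything the report specifies.

```python
"""Turn a flattened sandbox report into IOCs and Suricata rules.

Added example; assumptions: REPORT below is a constructed copy of the page's
lines, and the rule SIDs/messages are placeholders chosen here.
"""
import re
from urllib.parse import urlparse

# Constructed copy of the report's hash and extracted-config lines, kept in
# the same flattened layout the page has (key on one line, value on the next,
# config pairs run together with ' - ' separators).
REPORT = """\
MD5
51f9ec34c7094e6baaf3ee4a0d1bf9f4
SHA1
b94cf497d51f6bcd3b26640514a9ecea2e72ad5d
SHA256
c30de5a8c243dcee3ad3f971985ac2608c6678dd0e0869296f64243c5178f85e
Malware Config
Extracted
Protocol: ftp- Host:
213.252.244.165 - Port:
21 - Username:
user - Password:
aiojdjinfbSDFGOJNI2346IJNOFGBIKJ
Extracted
raccoon
f6a4646c17af7db77b0a5aba1906d97ffcdd34ed
-
url4cnc
https://telete.in/jdiamond13
"""

# Expected hex-digit count per algorithm; a mismatch means a truncated or
# mis-copied hash, which would silently produce a useless indicator.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report(text):
    """Return {'hashes': {...}, 'ftp': {...} | None, 'url4cnc': [...]}."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]       # drop bullet residue
    iocs = {"hashes": {}, "ftp": None, "url4cnc": []}
    i = 0
    while i < len(lines):
        ln = lines[i]
        if ln in HASH_LENGTHS and i + 1 < len(lines):
            value = lines[i + 1].lower()
            if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LENGTHS[ln], value):
                raise ValueError(f"{ln} has wrong length or charset: {value}")
            iocs["hashes"][ln] = value
            i += 2
            continue
        if ln.startswith("Protocol:"):
            # The config pairs were wrapped across lines; rejoin them and split
            # on 'Key:' boundaries so values containing spaces survive.
            j = i
            while j < len(lines) and not lines[j].startswith("Extracted"):
                j += 1
            blob = " ".join(lines[i:j])
            kv = {m.group(1).lower(): m.group(2).strip()
                  for m in re.finditer(r"(\w+):\s*(.+?)(?=\s*-\s*\w+:|$)", blob)}
            if kv.get("protocol") == "ftp":
                iocs["ftp"] = {"host": kv["host"], "port": int(kv["port"]),
                               "username": kv["username"], "password": kv["password"]}
            i = j
            continue
        if ln == "url4cnc" and i + 1 < len(lines):
            url = lines[i + 1]
            parsed = urlparse(url)
            iocs["url4cnc"].append({"url": url, "host": parsed.hostname,
                                    "channel": parsed.path.strip("/")})
            i += 2
            continue
        i += 1
    return iocs


def suricata_rules(iocs, base_sid=9000001):
    """Emit one rule per network IOC. SIDs/messages are placeholders."""
    rules, sid = [], base_sid
    if iocs["ftp"]:
        ftp = iocs["ftp"]
        rules.append(
            f'alert tcp $HOME_NET any -> {ftp["host"]} {ftp["port"]} '
            f'(msg:"Sandbox-extracted FTP exfil endpoint"; '
            f'flow:to_server,established; sid:{sid}; rev:1;)')
        sid += 1
    for entry in iocs["url4cnc"]:
        # TLS hides the channel path, so only the SNI host is matchable.
        rules.append(
            f'alert tls $HOME_NET any -> $EXTERNAL_NET any '
            f'(msg:"Raccoon url4cnc host {entry["host"]}"; '
            f'tls.sni; content:"{entry["host"]}"; nocase; sid:{sid}; rev:1;)')
        sid += 1
    return rules


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    print(parsed)
    print("\n".join(suricata_rules(parsed)))
```

Two caveats for anyone deploying the output: telete.in is a public Telegram mirror, so the SNI rule will also fire on benign traffic and should be treated as a hunting rule rather than a blocking one; and the FTP credentials are the attacker's, so the right action is to block and log outbound connections to that host, not to log in to it.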
Targets
Target: 51f9ec34c7094e6baaf3ee4a0d1bf9f4.exe (505KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger (ThreadHideFromDebugger hides the calling thread from an attached debugger; an anti-analysis technique)