General
- Target: cf5546412e349b49b8aafb77af57b5d6.exe
- Size: 526KB
- Sample: 210413-h5a7he33jx
- MD5: cf5546412e349b49b8aafb77af57b5d6
- SHA1: 8f83ecc2c0d0046c51fab5c75e419c0d2adde1a2
- SHA256: 49ae8012110cb36ae61a138a492531bc6ddb2d69618bffef6a93077fefba3a51
- SHA512: 0de60ca7d2e239e58cdacef8bb45f1be752a72e19d6a587e43746b19d5f5f611615fc671a54127395b41cdfb825cb927dd5e94c869a097bf4e77622430cecd3d
Static task: static1
Behavioral task: behavioral1
- Sample: cf5546412e349b49b8aafb77af57b5d6.exe
- Resource: win7v20210408
Malware Config
Extracted
- Protocol: ftp
- Host: 213.252.244.165
- Port: 21
- Username: user
- Password: aiojdjinfbSDFGOJNI2346IJNOFGBIKJ
Extracted
- Family: raccoon
- f6a4646c17af7db77b0a5aba1906d97ffcdd34ed
- url4cnc: https://telete.in/jdiamond13
Targets
- Target: cf5546412e349b49b8aafb77af57b5d6.exe
- Size: 526KB
- MD5, SHA1, SHA256, SHA512: identical to the values listed under General above
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger