General
- Target: fa2f8e5c8a4ec948a16627e874ba31e42812b78bc0e2766e5314cc77cab7cc28
- Size: 14.6MB
- Sample: 210504-veykae1kd6
- MD5: fd5f567c89f16417f72f449968d0f77a
- SHA1: f29caf15ee42562de84fcba50ff0149e07e91991
- SHA256: fa2f8e5c8a4ec948a16627e874ba31e42812b78bc0e2766e5314cc77cab7cc28
- SHA512: 75d0b1d4559799d59bc877f7f24b4269fd7437e68f317de46326045b2e7440cd61638c4732819221077fdeb487f0177ea74f0921bfb981503900281ca8966d50
Static task: static1
Behavioral task: behavioral1
- Sample: fa2f8e5c8a4ec948a16627e874ba31e42812b78bc0e2766e5314cc77cab7cc28.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: fa2f8e5c8a4ec948a16627e874ba31e42812b78bc0e2766e5314cc77cab7cc28.exe
- Resource: win10v20210410
Malware Config
Targets
- Target: fa2f8e5c8a4ec948a16627e874ba31e42812b78bc0e2766e5314cc77cab7cc28
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Sets file execution options in registry
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory