General
- Target: 4ac6131d639aa802302ab4cf32b959f9ab5ec76752cc297eb380d5c23d4a68f2
- Size: 2.5MB
- Sample: 210517-fc8c1j1faj
- MD5: 1ba6b23a139f0f46c31f74b174f48be2
- SHA1: 1c7a38a017f9444dbb6879279d4e12c2cc01c83c
- SHA256: 4ac6131d639aa802302ab4cf32b959f9ab5ec76752cc297eb380d5c23d4a68f2
- SHA512: f0b788429de97fde2c3575d845a6cbe19fe22a3562417005a5db26dedc57cbfd27b914d8c8a12c58c6eabab0eeea6e7caf62e40cadbb286c4287e5c417a00565

Static task
- static1

Behavioral task
- behavioral1
  - Sample: 4ac6131d639aa802302ab4cf32b959f9ab5ec76752cc297eb380d5c23d4a68f2.exe
  - Resource: win7v20210408

Behavioral task
- behavioral2
  - Sample: 4ac6131d639aa802302ab4cf32b959f9ab5ec76752cc297eb380d5c23d4a68f2.exe
  - Resource: win10v20210410

Malware Config
- Extracted: https://pastebin.com/raw/gC5dfjh9

Targets
- Target: 4ac6131d639aa802302ab4cf32b959f9ab5ec76752cc297eb380d5c23d4a68f2
- Size: 2.5MB
- MD5: 1ba6b23a139f0f46c31f74b174f48be2
- SHA1: 1c7a38a017f9444dbb6879279d4e12c2cc01c83c
- SHA256: 4ac6131d639aa802302ab4cf32b959f9ab5ec76752cc297eb380d5c23d4a68f2
- SHA512: f0b788429de97fde2c3575d845a6cbe19fe22a3562417005a5db26dedc57cbfd27b914d8c8a12c58c6eabab0eeea6e7caf62e40cadbb286c4287e5c417a00565

Score: 10/10

Signatures
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext