General
  Target: data.cmp.exe
  Size: 281KB
  Sample: 210518-vvkc9pfsfn
  MD5: 0e61e496fc218c1c6dc1f5640a3ac7e5
  SHA1: aae1b11aa9f2b0a2e32577db8026b843dc16a79d
  SHA256: a0070951284e17ec843b498d0a11f4a2ebb8ce64c9f27faf7af96124fd691b1e
  SHA512: 7b7d6acf3a8f1f2c948cdac035543715d0dc235a169f01127579685f54c7851b06130d5ac4db9345cdb2a6fedfec0395fe306d2f2f2a2bfa45847e325e0c49fd
Static task
  static1

Behavioral task
  behavioral1
  Sample: data.cmp.exe
  Resource: win7v20210410

Behavioral task
  behavioral2
  Sample: data.cmp.exe
  Resource: win10v20210408
Malware Config
  Extracted
    Path: C:\Users\Admin\Desktop\FILES ENCRYPTED.txt
    URL: http://7puh3g2lpzut32wetfpohiireazmhoyrkllqescem2jd567rdur2ojyd.onion/contact/4E2840E1
  Extracted
    Path: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\info.hta
    URL: http://7puh3g2lpzut32wetfpohiireazmhoyrkllqescem2jd567rdur2ojyd.onion/contact/4E2840E1
    URL: http://decryptmyfiles.top/contact/4E2840E1
  Extracted
    Path: C:\Users\Admin\Desktop\FILES ENCRYPTED.txt
    URL: http://7puh3g2lpzut32wetfpohiireazmhoyrkllqescem2jd567rdur2ojyd.onion/contact/4E2840E1
  Extracted
    Path: C:\Users\Admin\Desktop\FILES ENCRYPTED.txt
    URL: http://7puh3g2lpzut32wetfpohiireazmhoyrkllqescem2jd567rdur2ojyd.onion/contact/5940DACA
  Extracted
    Path: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\info.hta
    URL: http://7puh3g2lpzut32wetfpohiireazmhoyrkllqescem2jd567rdur2ojyd.onion/contact/5940DACA
    URL: http://decryptmyfiles.top/contact/5940DACA
Targets
  Target: data.cmp.exe
  Score: 10/10
  Signatures:
    Drops startup file
    Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.