General
-
Target
23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa.bin.sample
-
Size
5.2MB
-
Sample
210710-89hyhpsaw6
-
MD5
0bff2eb7cf8fbbf17ff6594b09101e3b
-
SHA1
bfa77a5afa5d45aa178edc14361ca2a5825c96f5
-
SHA256
23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa
-
SHA512
0861b861e3579ea7867515cea737f811b28bdc689fe24a8e89d1cd9c47d621eb76488a444406d604e0ac860d5f4a8ec73d931828d4281372ad7827af61e73f13
Static task
static1
Behavioral task
behavioral1
Sample
23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa.bin.sample.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa.bin.sample.exe
Resource
win10v20210410
Malware Config
Targets
-
-
Target
23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa.bin.sample
-
Size
5.2MB
-
MD5
0bff2eb7cf8fbbf17ff6594b09101e3b
-
SHA1
bfa77a5afa5d45aa178edc14361ca2a5825c96f5
-
SHA256
23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa
-
SHA512
0861b861e3579ea7867515cea737f811b28bdc689fe24a8e89d1cd9c47d621eb76488a444406d604e0ac860d5f4a8ec73d931828d4281372ad7827af61e73f13
Score9/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-