General
Target: express.exe
Size: 13.0MB
Sample: 210924-kqhxgagdel
MD5: e8a102040d074c0fa5a65f3fc157f689
SHA1: 79c6c37ad7b1278052ab996d643e7bf1d2c468e1
SHA256: 868fe53622b538574df3f1df1eccf57c9b43039a49dc1f7c1cc92663bfb4314d
SHA512: 9835ca5886e54fffb6f1e0af57b0385d389a59e4d23c21dfede6b8749cef0a2c5879b30fb6036db5c9338b5b0c0a9b496b141f626796fbf27f5d38d733edf416
Static task: static1
Behavioral task: behavioral1
  Sample: express.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: express.exe
  Resource: win10-en-20210920
Malware Config
Targets
Target: express.exe
Score: 7/10
Loads dropped DLL
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.