General
-
Target
MDE_File_Sample_78813410b8c43ef0de41fbd282331d58aeebfc0b.zip
-
Size
1.9MB
-
Sample
211021-m1dfvabadq
-
MD5
2b563a9f1f47c9d12702817eda527242
-
SHA1
94eaaea21391c960761403ae8eeff77002608e1d
-
SHA256
a0f3cd3cfceabc6f146b3b4f58c4541297f0020387d99e6682aee45d56021431
-
SHA512
0bb2c57fc75a25b6a6a9cc116b63dde9f83f276f4823625e591da1c3c2313f89b8d98be68fe01648b0a34e42f99cebde334f66e437be04170d7eecf59b9643e0
Static task
static1
Behavioral task
behavioral1
Sample
3.4.8_42394.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
3.4.8_42394.exe
Resource
win10-en-20210920
Malware Config
Targets
-
-
Target
3.4.8_42394.exe
-
Size
1.9MB
-
MD5
5a44930c53bb377931f93dfe05252fcc
-
SHA1
78813410b8c43ef0de41fbd282331d58aeebfc0b
-
SHA256
3552e089115f61e578657136aab87c67b312d8f65bd7ba6c0d50723f3d615a0e
-
SHA512
b061cd9a9a0dc61adf8c789bb7fb346362feee7080535cadd52b094804c5ac94e10058c900fc14dc7a72db4ab0fdeac1a5801b597477caaa100bd2da41cd0875
Score
8/10
Blocklisted process makes network request
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-