General

Target: 29A0.dll
Size: 74KB
Sample: 211112-p1rpksdea4
MD5: 3766ceff9fad0d5ccd13b060ca5269bb
SHA1: 8fc8b51db082bc0a34c6088322a070578fb4fb21
SHA256: d0ca2f465d8e620742682dbcc955e7a52e20d71333483d31379d776e1ef0be58
SHA512: e132814c710195b9993331e9108b08aefe1e0a68572128509329e6747c3c948ebb8d52903b113ebb82a5868d66a0f282c116e05a61fd5c57c09447a8f235a105
Static task: static1

Behavioral tasks (each runs the sample 29A0.dll on the listed resource):
behavioral1: win7-ja-20211104
behavioral2: win7-en-20211014
behavioral3: win7-de-20211014
behavioral4: win11
behavioral5: win10-ja-20211014
behavioral6: win10-en-20211014
behavioral7: win10-de-20211014
Malware Config

Extracted family: icedid
Campaign ID: 1217670233
C2 domains:
lakogrefop.rest
hangetilin.top
follytresh.co
zojecurf.store
auth_var: 14
url_path: /posts/
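The extracted IcedID configuration above gives four C2 domains and the URI prefix the loader beacons to. The Python below is an added example, not part of this report or of any sandbox tooling, that turns those values into a matcher for web-proxy logs and a hash check against the sample's digests. The proxy log layout, the source IPs and the log lines are constructed for the example; treating subdomains of a listed C2 domain as matches is an assumption of the example, not something the report states. The url_path on its own is too generic to alert on, so it only raises confidence once the host already matches.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Values copied from the extracted configuration on this page.
ICEDID_CONFIG = {
    "family": "icedid",
    "campaign_id": 1217670233,
    "c2_domains": frozenset({
        "lakogrefop.rest", "hangetilin.top", "follytresh.co", "zojecurf.store",
    }),
    "auth_var": 14,
    "url_path": "/posts/",
}

# Digests of 29A0.dll as listed in the report (lowercase hex).
SAMPLE_HASHES = {
    "md5": "3766ceff9fad0d5ccd13b060ca5269bb",
    "sha1": "8fc8b51db082bc0a34c6088322a070578fb4fb21",
    "sha256": "d0ca2f465d8e620742682dbcc955e7a52e20d71333483d31379d776e1ef0be58",
}

# Assumed (constructed) proxy log line layout: "<timestamp> <src_ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)
URL_RE = re.compile(r"^https?://(?P<host>[^/:?#]+)(?::\d+)?(?P<path>/[^?#]*)?")


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    host: str
    path: str
    reasons: Tuple[str, ...]


def c2_domain_match(host: str, domains) -> bool:
    """Exact match on a listed C2 domain, or a subdomain of one (assumption of this example)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def match_proxy_line(line: str, config=ICEDID_CONFIG) -> Optional[Hit]:
    """Return a Hit if the line reaches a configured C2 domain, else None.

    The configured url_path adds a second reason only when the host already
    matched; a "/posts/" path on an unrelated host is not flagged.
    """
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparseable line: skip rather than guess
    u = URL_RE.match(m.group("url"))
    if not u:
        return None
    host = u.group("host").lower()
    path = u.group("path") or "/"
    if not c2_domain_match(host, config["c2_domains"]):
        return None
    reasons = ["c2_domain"]
    if path.startswith(config["url_path"]):
        reasons.append("c2_path")
    return Hit(m.group("ts"), m.group("src"), host, path, tuple(reasons))


def scan(lines: Iterable[str]) -> List[Hit]:
    """Run match_proxy_line over a log and collect the hits in order."""
    return [h for h in (match_proxy_line(ln) for ln in lines) if h is not None]


def hash_matches(digests: dict) -> bool:
    """True if any supplied digest (md5/sha1/sha256) equals the sample's, case-insensitively."""
    return any(
        digests.get(algo, "").lower() == value for algo, value in SAMPLE_HASHES.items()
    )


# Constructed log excerpt (not real traffic): two beacons to C2 with the configured
# path, one benign request on a look-alike path, one bare request to a C2 apex.
SAMPLE_LOG = [
    "2021-11-12T10:01:03Z 10.0.0.15 GET http://lakogrefop.rest/posts/ 200",
    "2021-11-12T10:01:05Z 10.0.0.15 GET https://www.example.com/posts/index.html 200",
    "2021-11-12T10:01:09Z 10.0.0.22 POST http://hangetilin.top/posts/?id=1 200",
    "2021-11-12T10:02:00Z 10.0.0.22 GET http://zojecurf.store/ 404",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.ts} {hit.src} -> {hit.host}{hit.path}  [{', '.join(hit.reasons)}]")
    print("sample hash known:", hash_matches({"sha256": SAMPLE_HASHES["sha256"].upper()}))
```

Run as-is to see the three C2 hits from the constructed log; the benign example.com line is skipped because its host is not in the configuration. For real use, replace LOG_RE with your proxy's actual format and feed the domains and hashes to whatever blocklist or hunting query your environment uses.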
Targets

Target: 29A0.dll
Size: 74KB
MD5, SHA1, SHA256, SHA512: as listed under General
Score: 10/10

Signatures:
- Registers COM server for autorun
- Sets service image path in registry
- Drops file in System32 directory