General
-
Target
ab2a474c3fd276095d7db5d78df356a572b1eee397ef1977facd8df214db3db0
-
Size
20KB
-
Sample
220320-ynnxlafdg7
-
MD5
a2dd642315f3cc6b44241c31ec964ea3
-
SHA1
6a2426de100f63c884a54ed12013e3094e6fe10b
-
SHA256
ab2a474c3fd276095d7db5d78df356a572b1eee397ef1977facd8df214db3db0
-
SHA512
843e056ea08680540f2338c2c73e71777e9b395273bb56480f121d2074f1bb7957f798c198bd1840b2fc2b74a756a6c7be621ee545e2aab3f1212f176d7f5bae
Static task
static1
Behavioral task
behavioral1
Sample
ab2a474c3fd276095d7db5d78df356a572b1eee397ef1977facd8df214db3db0.dll
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
ab2a474c3fd276095d7db5d78df356a572b1eee397ef1977facd8df214db3db0.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
hancitor
2311_nsdir
http://templogio.com/9/forum.php
http://johommeract.ru/9/forum.php
http://amesibiquand.ru/9/forum.php
Targets
-
Score
8/10
-
Blocklisted process makes network request
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-