General
Target: 570460fe5838196fe9684b2ef0e0c374c5c42c7623bf446faa87b0e9f68a5f71
Size: 566KB
Sample: 220328-vtcjzaggck
MD5: 16c5205bb1eb990e7ed725890defecce
SHA1: 9e30385f4b548b6166086bc3096bcb692b18073f
SHA256: 570460fe5838196fe9684b2ef0e0c374c5c42c7623bf446faa87b0e9f68a5f71
SHA512: 93e5380cb67a9bb33e989c5fb28cdef71a258c075856c5c2727bebf503100efda486f7003468b4d65d94e6e66a640d1fdafa4e3a670c6be9fe3192776ca58fda
Static task: static1
Behavioral task: behavioral1
Sample: 570460fe5838196fe9684b2ef0e0c374c5c42c7623bf446faa87b0e9f68a5f71.exe
Resource: win7-20220311-en
Behavioral task: behavioral2
Sample: 570460fe5838196fe9684b2ef0e0c374c5c42c7623bf446faa87b0e9f68a5f71.exe
Resource: win10v2004-en-20220113
Malware Config
Targets
Target: 570460fe5838196fe9684b2ef0e0c374c5c42c7623bf446faa87b0e9f68a5f71
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.