General
Target: MyNDISPlan.scr
Size: 40KB
Sample: 220423-q1jjmsggfk
MD5: c025124d271f7e1ca674ba43c7e069ad
SHA1: c02c4ed76dcf923e8ffff93ef6c68695d2e9a986
SHA256: 78073cd80cd2ce04aa2f089760a60ffc494bd241eaa9787b17573eb152692ba5
SHA512: e72a5133237b84ae31e81385883965f8570c7b04e9fee2af0f02ee188b63f3bca9cc44a8ffdd869b72f598145c5f9b9f5ad105d567b7340d9804c017a7176a85
Static task: static1
Behavioral task: behavioral1
Sample: MyNDISPlan.scr
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: MyNDISPlan.scr
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: MyNDISPlan.scr
Score: 10/10
suricata: ET MALWARE Common Upatre Header Structure 2
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-