General
-
Target
a8446e06f7ef5a8965872d410beddd60595e837e4d6a907ebe4b9fa79b222ea6
-
Size
5.8MB
-
Sample
220511-3aetzsfcgr
-
MD5
8fb56c2b40e3c7288d5ed5b0df5a7ea6
-
SHA1
4442c48c00a4b097a49db5417090465fb31ebd94
-
SHA256
a8446e06f7ef5a8965872d410beddd60595e837e4d6a907ebe4b9fa79b222ea6
-
SHA512
39e77d632e885ab49022a93f047d38b378714824f935a9e0ce8c68c09b3360f7f3c774b6f386810220b8b74513b56e7ebbe4f428a375bd65b8f369c2c2ae2a33
Static task
static1
Behavioral task
behavioral1
Sample
a8446e06f7ef5a8965872d410beddd60595e837e4d6a907ebe4b9fa79b222ea6.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
a8446e06f7ef5a8965872d410beddd60595e837e4d6a907ebe4b9fa79b222ea6
-
Size
5.8MB
-
MD5
8fb56c2b40e3c7288d5ed5b0df5a7ea6
-
SHA1
4442c48c00a4b097a49db5417090465fb31ebd94
-
SHA256
a8446e06f7ef5a8965872d410beddd60595e837e4d6a907ebe4b9fa79b222ea6
-
SHA512
39e77d632e885ab49022a93f047d38b378714824f935a9e0ce8c68c09b3360f7f3c774b6f386810220b8b74513b56e7ebbe4f428a375bd65b8f369c2c2ae2a33
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-