General
Target: 15d3b7ae0f5586fa70da1da483dac816f2cdfc464c558c0426707e4a86443e0d
Size: 1.2MB
Sample: 220521-bx5v5sfgap
MD5: 4565974075139d6d914f39177605505b
SHA1: 0ec26fa268fb3c3655be95422598840faaee689e
SHA256: 15d3b7ae0f5586fa70da1da483dac816f2cdfc464c558c0426707e4a86443e0d
SHA512: eaa025b451047a91ca51d4ea4bdd6a6c6b46f7613f56e24df2a41692964d0f436461434b394b85d4668f67e248d5338735093d566a3f94ce32ca86969038f52d
Static task: static1
Behavioral task: behavioral1
Sample: INV_2020.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: INV_2020.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: INV_2020.EXE
Size: 311KB
MD5: 032e8660388186848cda8c3955f53202
SHA1: 356a668840a4dc5fc9a209189ffed7a462c8633a
SHA256: 24b2017e1fe4fa3f2616c1465cdb707abf300800da51ca3158580be6207876d8
SHA512: 042ebc16e9f0c1b3ad55278b9a5f095415aef6266d3a6ce7047450fb2e3479294435ec544b7eee542427feb160cc1700c6a62babd9664fb14aa546146f4d9e30
Score: 10/10
404 Keylogger Main Executable
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext