General
Target: 44eefb6a1b37a2b9a995dccb68256de752fb11fa1125a7fc3f2db95b1cccd2f1
Size: 300KB
Sample: 220707-v98x4sdcgq
MD5: 374147a63ee6abc639d32022f1484050
SHA1: a4fab1a0c5cccba2fdfef7cd0ea864ad59899d85
SHA256: 44eefb6a1b37a2b9a995dccb68256de752fb11fa1125a7fc3f2db95b1cccd2f1
SHA512: 89aea9c3b0b9097e64504cd38057d420c911b6d54045d4ac1030895a73e61767640988782787f788d09c6e63becd048afcd5fe86f1360bc2951e1464abec3e2e
Static task: static1
Behavioral task: behavioral1
  Sample: 44eefb6a1b37a2b9a995dccb68256de752fb11fa1125a7fc3f2db95b1cccd2f1.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 44eefb6a1b37a2b9a995dccb68256de752fb11fa1125a7fc3f2db95b1cccd2f1.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 44eefb6a1b37a2b9a995dccb68256de752fb11fa1125a7fc3f2db95b1cccd2f1
Score: 10/10
suricata: ET MALWARE DNS Reply Sinkhole - Microsoft - 199.2.137.0/24
- Deletes itself
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext