General
-
Target
217dd4ed8ba339c5520ee9da7bea82f3b86d269d4d9fdf439907531936bfb2c3
-
Size
3.6MB
-
Sample
220709-j1gxgsdagn
-
MD5
c24343c6687a0b2bec9bd6bc5350fcd0
-
SHA1
49d55bdbfa21b4e8219238b8df166f601764107a
-
SHA256
217dd4ed8ba339c5520ee9da7bea82f3b86d269d4d9fdf439907531936bfb2c3
-
SHA512
3311bf4284f87bf7bda521ec181432c9f3d23c1c6e72070980f3d4a7aa69257ee7452099043f092b8d1227de17aa770148c9dc10d7ba1b0bc0e0414f1d08a66b
Static task
static1
Behavioral task
behavioral1
Sample
217dd4ed8ba339c5520ee9da7bea82f3b86d269d4d9fdf439907531936bfb2c3.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
217dd4ed8ba339c5520ee9da7bea82f3b86d269d4d9fdf439907531936bfb2c3
-
Size
3.6MB
-
MD5
c24343c6687a0b2bec9bd6bc5350fcd0
-
SHA1
49d55bdbfa21b4e8219238b8df166f601764107a
-
SHA256
217dd4ed8ba339c5520ee9da7bea82f3b86d269d4d9fdf439907531936bfb2c3
-
SHA512
3311bf4284f87bf7bda521ec181432c9f3d23c1c6e72070980f3d4a7aa69257ee7452099043f092b8d1227de17aa770148c9dc10d7ba1b0bc0e0414f1d08a66b
-
Modifies firewall policy service
-
suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
-
suricata: ET MALWARE Known Sinkhole Response Kryptos Logic
-
suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
-
Contacts a large number (18123) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large number (33671) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory
-
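The two behavioural signals above, a lookup of a known hostile domain and a process that touches an unusually large set of distinct remote hosts, are easy to reproduce outside the sandbox from a process-attributed network log. The script below is an added example and is not code from the report or from the sandbox vendor. It assumes a constructed event format ("pid kind value", with kind "dns" or "flow"), a constructed watchlist holding the domain named in the report's Suricata alert (written without the defanging space), and an arbitrary scan threshold of 5 distinct hosts chosen for the small sample; the sandbox's real threshold is not stated on the page.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed watchlist (example data, not from the report). The entry is the
# domain named in the report's "Known Hostile Domain" Suricata alert.
HOSTILE_DOMAINS = {"ilo.brenz.pl"}

# Constructed sample events, one per line: "<pid> <kind> <value>".
# kind is "dns" (value = queried name) or "flow" (value = IPv4 dst:port).
SAMPLE_EVENTS = """\
1234 dns ilo.brenz.pl
1234 flow 10.0.0.5:445
1234 flow 10.0.0.6:445
1234 flow 10.0.0.7:445
1234 flow 10.0.0.8:445
1234 flow 10.0.0.9:445
1234 flow 10.0.0.9:139
5678 dns www.example.com
5678 flow 93.184.216.34:443
5678 flow 93.184.216.34:443
"""


@dataclass
class Verdict:
    hostile_lookups: list = field(default_factory=list)  # (pid, domain) pairs
    flows_per_pid: dict = field(default_factory=dict)    # pid -> total flow count
    hosts_per_pid: dict = field(default_factory=dict)    # pid -> distinct dst hosts
    scanners: list = field(default_factory=list)         # pids at/over the threshold


def parse_events(text):
    """Parse the constructed event format into (pid, kind, value) tuples."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pid, kind, value = line.split(maxsplit=2)
        events.append((int(pid), kind, value))
    return events


def analyse(events, hostile=HOSTILE_DOMAINS, scan_threshold=5):
    """Flag hostile-domain lookups and per-process host fan-out.

    scan_threshold is an assumption for this sample; tune it to the baseline
    fan-out of the hosts you monitor.
    """
    v = Verdict()
    flows = defaultdict(int)
    hosts = defaultdict(set)
    for pid, kind, value in events:
        if kind == "dns":
            name = value.rstrip(".").lower()
            # Match the listed domain and any subdomain of it.
            if any(name == d or name.endswith("." + d) for d in hostile):
                v.hostile_lookups.append((pid, name))
        elif kind == "flow":
            # Split on the last ':' so the IPv4 host survives intact.
            host, _, _port = value.rpartition(":")
            flows[pid] += 1
            hosts[pid].add(host)
    v.flows_per_pid = dict(flows)
    v.hosts_per_pid = {pid: len(s) for pid, s in hosts.items()}
    v.scanners = sorted(
        pid for pid, n in v.hosts_per_pid.items() if n >= scan_threshold
    )
    return v


if __name__ == "__main__":
    verdict = analyse(parse_events(SAMPLE_EVENTS))
    for pid, name in verdict.hostile_lookups:
        print(f"pid {pid}: lookup of known hostile domain {name}")
    for pid in verdict.scanners:
        print(f"pid {pid}: contacted {verdict.hosts_per_pid[pid]} distinct hosts "
              f"over {verdict.flows_per_pid[pid]} flows (possible scan)")
```

Distinct destination hosts, not raw flow count, is the metric that separates a scanner from a busy but legitimate client: in the sample, pid 5678 opens two flows to one host and is not flagged, while pid 1234 spreads six flows over five hosts on port 445 and is.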