General
- Target: 4fb80be69d6e2792c363a2e9a0083b786a90b90995aa14c091c6658edb188de6
- Size: 829KB
- Sample: 220719-zx5gdadag2
- MD5: 2cfe62a4b6477f49bcb39489ac799406
- SHA1: ad1ea2f9cc41d380508bf9d7a53ad69096133a32
- SHA256: 4fb80be69d6e2792c363a2e9a0083b786a90b90995aa14c091c6658edb188de6
- SHA512: 0d186ab978618c0ac5ef4e561d3b4964e23b6fd3868cf67380e866a100a6fb948f6e40975d192cb9cac542ca830fc2defa72b10168230967bf1adae46d9afea1
Static task: static1

Behavioral task: behavioral1
- Sample: 4fb80be69d6e2792c363a2e9a0083b786a90b90995aa14c091c6658edb188de6.exe
- Resource: win7-20220718-en

Behavioral task: behavioral2
- Sample: 4fb80be69d6e2792c363a2e9a0083b786a90b90995aa14c091c6658edb188de6.exe
- Resource: win10v2004-20220718-en
Malware Config (Extracted)
- Protocol: ftp
- Host: ftp.spytector.com
- Port: 21
- Username: gings@spytector.com
- Password: 751g902S
Targets
Score: 10/10
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.