General
Target: FvzBAeFDuwBdp64U.exe
Size: 30.9MB
Sample: 220920-lg25esgbem
MD5: 5542452ea869f36e244b4e36778402e1
SHA1: 73428a883c9b9be7fa2232886518303930696cf0
SHA256: 2bcca57ec4a13d6eb8b4ef39929a5031720578fc26683637639eb1c2160cbec6
SHA512: 09d70f3b310f4573d6e46d6427bf35f3ec07a8e4781024114b7a3285d6e200887d7902c99b09fe3e963eaf807badf01fd2760e4e43f689b6ae239361364f4b0e
SSDEEP: 786432:Z2faUkc9ErUHWeGrugO4PyQpFANWWCoMQA3oQ892FO:QfNkc9EC2T5yYuyvv3YU
Malware Config
Targets
Target: FvzBAeFDuwBdp64U.exe
- Drops startup file
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.