General
Target: Setup.exe
Size: 21.6MB
Sample: 220930-z4mj5sfhbr
MD5: 7f814d71e0918ad91268db37df3d219a
SHA1: 37cf287ea6f3f75bb81955c54f6377ab44a7694a
SHA256: c4473a3aa2381bba779b990bb508a50341e43808432d1c9c10eb430b1066d424
SHA512: ad1281fff4418b78e08a786059d8a2b405117802baaabceb35063c5b73fcfc3b66663e3f770e5750c97c3ccbcbab40924ef74f3b58eed66de1aa8b0c7b162fe6
SSDEEP: 393216:LxdyJhoonHWpOnz6L2Vmd6mI/m3pwc/eO47G99M9BJHOGJYwM7Ym4p/lJUgxb1:LzyJ+UHg4GyVmdSKwuP+1RYcDTxb1
Malware Config
Targets
-
-
Target
Setup.exe
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-