General
Target: DevilsLoggerV2.rar
Size: 18.2MB
Sample: 221001-petl2shacq
MD5: a646c5ea8fc3d4c98da48a9dee601c0d
SHA1: 93b2cdcae8f4b132ac3f50c209f147e27fdafd35
SHA256: f11e5330bd4b80aa1a8c670d4b1f478acec4577a6ed25d56285508d5ee515b8c
SHA512: 0afebd64e5107fdc50e94c4ab93fa034ebed19ef98506dda4af128a69f4cb84fb7f0fdda934bb4d4b6aec2a37ce7b9d769f6db46113dbba5478c074bcb8fc658
SSDEEP: 393216:EwX6SsjM389EI6GPKdm6u4QWzT3BCP4RT0CIHUvVsPy:5Tst6LgWJCP0T0CI0vmK
Behavioral task
behavioral1
Sample: DevilsLoggerV2/DevilsLoggerV2.exe
Resource: win7-20220901-en

Malware Config

Targets
Target: DevilsLoggerV2/DevilsLoggerV2.exe
Size: 18.5MB
MD5: 62d1ce3dbb3c3ad5c0e4479b6ebf117f
SHA1: 4fa2f4f34e4e54a3f89769605bfd8f58f60daf97
SHA256: e7e3685d03687909f29f2b64cd93573356bd216526738d6331d7d1116986ce65
SHA512: d719584eb0e1188bd38aeab146461873b089e83b706779ad8b99953ce9d6f6451171cb45a4bbb7c0666b30d0ced406123e7b4e0c022a32a2653a12b5d69e49ac
SSDEEP: 393216:0xdyJhooqHK8L2Vmd6ml/m3pqc/eO47G99M9BJHGR8J8WtQFgWDigBK:0zyJ+zHlyVmdXKquP+1mQ8QQFgWDigA
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.