General
Target: 0b43d91191267cbe15aad550327f8ff796fc51835919c8f26500a856bc123360
Size: 1.1MB
Sample: 221003-b1yk8sagg9
MD5: 044cb19e4e1942fb0b1004f9b151eec0
SHA1: c8bddbb3905526bbad18edf7653633bb63880b61
SHA256: 0b43d91191267cbe15aad550327f8ff796fc51835919c8f26500a856bc123360
SHA512: 3b6cdaeaf1149f326007c471b5b0bb7b7874f70560dc8474c0da2d5abfa733aa8d00627d3b80724b1fa1d96fde7ec420bd04fd4c150d3bb3fe98c223aa59cc41
SSDEEP: 24576:QHouPLIqkATOei7WB5GCD/YlklobAXewM:sP1jAWyCk2obAXzM
Static task: static1
Behavioral task: behavioral1
Sample: 0b43d91191267cbe15aad550327f8ff796fc51835919c8f26500a856bc123360.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 0b43d91191267cbe15aad550327f8ff796fc51835919c8f26500a856bc123360.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
http://93.115.82.248/?0=1&1=0&2=3&3=i&4=7601&5=1&6=1111&7=xktvprlbvt
Targets
Target
0b43d91191267cbe15aad550327f8ff796fc51835919c8f26500a856bc123360
Score: 10/10
Blocklisted process makes network request
Executes dropped EXE
Sets file execution options in registry
Stops running service(s)
Deletes itself
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory