General
- Target: b32111e5b612a5624bcab89bd286053c2b0a13cabac1f4d3ab377fe6f6341e67
- Size: 876KB
- Sample: 221126-2qtseaba32
- MD5: 3a73367a66682aaddb521b26bdd88b61
- SHA1: ba19af066ce4862279801d75fa217edf3b033624
- SHA256: b32111e5b612a5624bcab89bd286053c2b0a13cabac1f4d3ab377fe6f6341e67
- SHA512: e2eae210b00f380b8d1a8f7f867bfc06119aed466eee13ac83790475676d3c0fb4ff24d2d11cb273f227428a9d024b36f210b52567be8c3c2223257bb8455399
- SSDEEP: 24576:t2g/ksNECnkOT5qNSEkwNQd+SSqXNBWjIMvgk1Zlq:Ds6qNlkYQdTSks8MPA
Static task: static1
Behavioral task: behavioral1
Sample: b32111e5b612a5624bcab89bd286053c2b0a13cabac1f4d3ab377fe6f6341e67.exe
Resource: win7-20220812-en
Malware Config
Targets
- Uses the VBS compiler for execution
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext