General
- Target: 2a82d6dca9191d0256db3f5b1dd68860c7901699f5297cb22a3bbbe3c339029c
- Size: 952KB
- Sample: 221127-rgam3ach37
- MD5: d07010e606a7ce5c26a7e8fca6ede289
- SHA1: 0301b1d31f291af8c9268dcfddb1a9b708fb5064
- SHA256: 2a82d6dca9191d0256db3f5b1dd68860c7901699f5297cb22a3bbbe3c339029c
- SHA512: a91d72788a3e9468b59e3ae0326036962f0648be6602ab953d9e6b83cdffa9570c36b2fa79b46373805d88e4b2bb4bc2a4f08a42f23d1999cf575bcece945674
- SSDEEP: 24576:IaaIERvwfrJlJjZ55EF2KdZ8shV4VTci/Vxv4Oa:baFBCljf2Dks/4Oitxvg
Static task: static1
Behavioral task: behavioral1
- Sample: 2a82d6dca9191d0256db3f5b1dd68860c7901699f5297cb22a3bbbe3c339029c.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 2a82d6dca9191d0256db3f5b1dd68860c7901699f5297cb22a3bbbe3c339029c.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
- Target: 2a82d6dca9191d0256db3f5b1dd68860c7901699f5297cb22a3bbbe3c339029c
- Size: 952KB
- Modifies WinLogon for persistence
- Drops file in Drivers directory
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext