General
Target: 53ff37b0fbffa0c2656f09f8ea90322158e40b3c5318dd670eef3ac9d72b9fb3
Size: 197KB
Sample: 221128-g1q42sbg29
MD5: f66262f719ffdae875e374477a46d834
SHA1: dca006b0432b6b03308834899ab8f1ec485f054f
SHA256: 53ff37b0fbffa0c2656f09f8ea90322158e40b3c5318dd670eef3ac9d72b9fb3
SHA512: fe09cd190acc407f6565844dfe31c1b320e39cd7a61e10b28733927f505a937090dc137b6edab597e664c48e2392049326c78bbc037b621acd3dcee70f20e139
SSDEEP: 6144:HVDkWoLQkZy6RSs9ASTLlZQeqXnbl/kdQP6:Hpstyun9HTLXQeqXZ/kdQP6
Static task: static1
Behavioral task: behavioral1
  Sample: 53ff37b0fbffa0c2656f09f8ea90322158e40b3c5318dd670eef3ac9d72b9fb3.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 53ff37b0fbffa0c2656f09f8ea90322158e40b3c5318dd670eef3ac9d72b9fb3.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Target: 53ff37b0fbffa0c2656f09f8ea90322158e40b3c5318dd670eef3ac9d72b9fb3
Score: 9/10
Drops startup file
Adds Run key to start application
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext