General

Target: d4d36ea03fb4b3e1b33069073a8bf2c0f63a681ba51173f5d349e8f1356caf21
Size: 149KB
Sample: 221128-ge297aec8z
MD5: 1e4e9740b6dfd25244f39aa4bd5321c9
SHA1: 19e7e9d26a12a3441ed44e32d7985e829a9acdbc
SHA256: d4d36ea03fb4b3e1b33069073a8bf2c0f63a681ba51173f5d349e8f1356caf21
SHA512: 8f358cce4cb7e38e64f4a5c8e9f3bd120ff1c919452d15816edca7d872131db1842f132e5a7f45e56ff4e1887a694a073cc9f5708722d423f18728500123cfb0
SSDEEP: 3072:vgZsYK3V6qRbShJvB12wtfkcRPIuxvvliXXDB3QnEN0BdYZp:3V6UmJ4rLG1uXV3QnEN0BG
Static task: static1

Behavioral task: behavioral1
  Sample: d4d36ea03fb4b3e1b33069073a8bf2c0f63a681ba51173f5d349e8f1356caf21.exe
  Resource: win7-20221111-en

Behavioral task: behavioral2
  Sample: d4d36ea03fb4b3e1b33069073a8bf2c0f63a681ba51173f5d349e8f1356caf21.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets

Target: d4d36ea03fb4b3e1b33069073a8bf2c0f63a681ba51173f5d349e8f1356caf21
Size: 149KB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the General section above
Score: 9/10
Signatures
- Drops startup file
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. The report does not name the service.
- Suspicious use of SetThreadContext: resetting a thread's context (typically on a suspended thread) is the usual way process-hollowing style injectors redirect execution into code they have written into a process; the report does not say which process was targeted.
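Three of the four behaviours above (startup-folder drop, Run key, external-IP lookup) leave traces in ordinary endpoint telemetry, so they can be hunted outside the sandbox. The script below is an added example for this report, not Triage's code and not code from the sample: it runs simple signature logic over constructed Sysmon-style events (Event ID 11 FileCreate, 13 RegistryEvent SetValue, 22 DNSEvent), groups hits per process image, and escalates a process that shows persistence plus IP recon together. The file paths, registry value name and the list of IP-lookup hosts are assumptions, since the report names none of them.

```python
"""Hunt Sysmon-style events for the behaviours flagged in the report.

Added example, not part of the Triage report or the sample. The event
records in SAMPLE_EVENTS are constructed to resemble Sysmon Event IDs 11,
13 and 22; they are not logs captured from the sample. IP_LOOKUP_HOSTS is an
assumed list of public "what is my IP" services.
"""
import re
from collections import defaultdict

# Assumption: common public IP-lookup services; the report does not name one.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ifconfig.me", "ip-api.com",
    "checkip.dyndns.org", "ipinfo.io", "whatismyip.com",
}

# Per-user and all-users Startup folders (Sysmon Event ID 11, TargetFilename).
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Start-?up\\", re.IGNORECASE)
# Run / RunOnce keys under HKLM or any HKU hive (Sysmon Event ID 13, TargetObject).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# User-writable locations: a Run value pointing here deserves more suspicion
# than one pointing into Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)

# Constructed paths; the sample name is the one the report lists.
MALWARE = (r"C:\Users\Admin\AppData\Local\Temp"
           r"\d4d36ea03fb4b3e1b33069073a8bf2c0f63a681ba51173f5d349e8f1356caf21.exe")
VENDOR = r"C:\Program Files\Vendor\app.exe"

SAMPLE_EVENTS = [  # constructed, not captured
    {"EventID": 11, "Image": MALWARE,
     "TargetFilename": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows"
                       r"\Start Menu\Programs\Startup\updater.lnk"},
    {"EventID": 13, "Image": MALWARE,
     "TargetObject": r"HKU\S-1-5-21-1234567890-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\Admin\AppData\Roaming\updater.exe"},
    {"EventID": 22, "Image": MALWARE, "QueryName": "api.ipify.org"},
    {"EventID": 11, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\Temp\MpCmdRun.log"},
    {"EventID": 13, "Image": VENDOR,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorApp",
     "Details": VENDOR},
]


def classify(ev):
    """Return the signature names a single event satisfies (may be empty)."""
    hits = []
    eid = ev.get("EventID")
    if eid == 11 and STARTUP_RE.search(ev.get("TargetFilename", "")):
        hits.append("Drops startup file")
    if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
        hits.append("Adds Run key to start application")
        if USER_WRITABLE_RE.search(ev.get("Details", "")):
            hits.append("Run key points to user-writable path")
    if eid == 22 and ev.get("QueryName", "").lower() in IP_LOOKUP_HOSTS:
        hits.append("Looks up external IP address via web service")
    return hits


def hunt(events):
    """Group hits by originating process image: {image: sorted hit names}."""
    by_image = defaultdict(set)
    for ev in events:
        for hit in classify(ev):
            by_image[ev.get("Image", "?")].add(hit)
    return {img: sorted(hits) for img, hits in by_image.items()}


def escalate(hits):
    """True when one process shows persistence and external-IP recon together,
    the pairing the report flags; a lone Run key from a vendor app is not enough."""
    persistence = {"Drops startup file", "Adds Run key to start application"}
    return bool(persistence & set(hits)) and \
        "Looks up external IP address via web service" in hits


if __name__ == "__main__":
    for image, hits in hunt(SAMPLE_EVENTS).items():
        print(("ESCALATE" if escalate(hits) else "review  "), image)
        for hit in hits:
            print("          -", hit)
```

SetThreadContext is deliberately left out: Sysmon has no event for it, so that indicator is only visible to the sandbox's API hooks or to EDR products that record thread-context changes. On endpoints, the nearest substitute is correlating a process launched suspended with a later write into its memory, which this script does not attempt.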