General
Target
bb5b1ea5a20e3368473fc5e777b0589bf6b52c568d17c584653b3f4698dd67a4
Size
272KB
Sample
221128-ggw6ysee2t
MD5
baf3947937254c5d2112d879bc059994
SHA1
828d6783742e3b6f7b0142b116621a53e848c061
SHA256
bb5b1ea5a20e3368473fc5e777b0589bf6b52c568d17c584653b3f4698dd67a4
SHA512
58acd6c8df3f3e4bb43995f1cb210707efe3b8d0d21e65390798e0e0ab5612632ef06d0dbafa6b19e928cd87f0dbb7d036c9617a42a56aed59a83bba098ac165
SSDEEP
6144:nAz71iSbYGYBdo0FiU2sauK9ZZLjhwXvY2vuRC+4:nAzp7bxYHo036BfhwXQ2mRCV
Static task
static1
Behavioral task
behavioral1
Sample
bb5b1ea5a20e3368473fc5e777b0589bf6b52c568d17c584653b3f4698dd67a4.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
bb5b1ea5a20e3368473fc5e777b0589bf6b52c568d17c584653b3f4698dd67a4.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
Target
bb5b1ea5a20e3368473fc5e777b0589bf6b52c568d17c584653b3f4698dd67a4
Score
9/10
Drops startup file
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext