General
Target: a9fbc8d8cace2c2d0fd253f7e70b012457ae9665bf8c19ed7604b00a0b819388
Size: 140KB
Sample: 221128-gkfndaae53
MD5: ec8f375201e7fc6d1442c6ce573d0727
SHA1: 9943ea8973b7535085b1792414db5cdf6721d398
SHA256: a9fbc8d8cace2c2d0fd253f7e70b012457ae9665bf8c19ed7604b00a0b819388
SHA512: edb3f9d5ee1bdd1c82e761f78156ebc88efd81146784fe9ba132ce2d8d77e34313fffc7e9f7566ed686f8e6e7be3b09bfd53c55325c529b03c7e76fb00d6c4f7
SSDEEP: 3072:KoKY3eLtmelOckbmWl0O+UdNm/Q5v1p5E71i8PKc:KoK4cmKOckbmWyZUTvp5cV
Static task: static1
Behavioral task: behavioral1
Sample: a9fbc8d8cace2c2d0fd253f7e70b012457ae9665bf8c19ed7604b00a0b819388.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: a9fbc8d8cace2c2d0fd253f7e70b012457ae9665bf8c19ed7604b00a0b819388.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Score: 9/10
Drops startup file
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext