General
Target: a-Skjkmfvbkv.bin.exe
Size: 12KB
Sample: 221129-wx6gwsdc78
MD5: 8383ef681ba9f25dd7bf49c28cef559e
SHA1: 12ddeb7c5e504dfbbf194842feb86662c170a8f1
SHA256: 193d2c92560adcc08eaf3157673b1f835ae85c5c74679cac587e753f67b33dcf
SHA512: 6ef606af88c235f21868f3e9d8ade4e3eb76308559f54ee2501b6302031bc635d68edd0a23de65a7e7590264827fdff1a4ac7e95d5327bc10fb4839397380af4
SSDEEP: 384:pUR3OFfFLM89kDKyfjDWwYWxptYcFmVc03K:OOFhv9k28ttYcFmVc6K
Static task: static1
Behavioral task: behavioral1 (Sample: a-Skjkmfvbkv.bin.exe, Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: a-Skjkmfvbkv.bin.exe, Resource: win10v2004-20221111-en)
Malware Config
Extracted:
- C:\FILE RECOVERY.txt
- mallox.resurrection@onionmail.org
- http://wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin
- http://wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion
Targets
Target: a-Skjkmfvbkv.bin.exe
Score: 10/10
- Stops running service(s)
- Modifies file permissions
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext