General
Target: reksilmao_file.exe
Size: 77.8MB
Sample: 221129-y56tqsch74
MD5: 5c443188ff545ed6b9649f7228ac4dc9
SHA1: 403a037c808ccaadbaefd41e5aacbdf2c86f3e53
SHA256: 704a653d2a0c14bac2187bd0ba43e1769a6a7781c942f572195756f866cbb16c
SHA512: 63b8b5946e35f095067c753f9a5d7a3b1264194233a42bba75c41c538526e35f6d82abe674478542e6eb956ab9f9640d31a18dacd3874fe2f14d69b793d5deab
SSDEEP: 393216:M+UwqOyazuwnL2Vmd6ml/m3p5c/eEJ4y7G99jZ57YKQYyQnmdZ:NdxzuUyVmdXK5uh4zLBQYySmH
Malware Config

Targets
Target: reksilmao_file.exe (same file as listed under General above; size and hashes are not repeated here)
Signatures
- Modifies Windows Firewall
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger