General
-
Target
6af2204e4e62a5d44462335379f8e70f7d680da84f2a7f6c328fbd40014694ef
-
Size
1.0MB
-
Sample
230109-17r5gaga66
-
MD5
067b0d35578c2755a06e9e6b702c4c05
-
SHA1
603edd059b6a616a984ba4582cd86384234ba2d0
-
SHA256
6af2204e4e62a5d44462335379f8e70f7d680da84f2a7f6c328fbd40014694ef
-
SHA512
992617a6220a41fde70e3e457b27a1b7474af44d23d501474c8e466e4648ea1a281b277f667434f097dc1808d3299a7b18076e16a924e15aa29319a8f0ff0595
-
SSDEEP
12288:u9iJB1C4k6XXEdR16EjdL7in0DpEXhZV8F9jL2FvEd/0rhFyYcvFb+BCFhyP8+:uoJuFfHjpsZVAv/0ruYctb+YFQ
Static task
static1
Behavioral task
behavioral1
Sample
6af2204e4e62a5d44462335379f8e70f7d680da84f2a7f6c328fbd40014694ef.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
6af2204e4e62a5d44462335379f8e70f7d680da84f2a7f6c328fbd40014694ef.exe
Resource
win10-20220812-en
Malware Config
Targets
-
-
Target
6af2204e4e62a5d44462335379f8e70f7d680da84f2a7f6c328fbd40014694ef
-
Size
1.0MB
-
MD5
067b0d35578c2755a06e9e6b702c4c05
-
SHA1
603edd059b6a616a984ba4582cd86384234ba2d0
-
SHA256
6af2204e4e62a5d44462335379f8e70f7d680da84f2a7f6c328fbd40014694ef
-
SHA512
992617a6220a41fde70e3e457b27a1b7474af44d23d501474c8e466e4648ea1a281b277f667434f097dc1808d3299a7b18076e16a924e15aa29319a8f0ff0595
-
SSDEEP
12288:u9iJB1C4k6XXEdR16EjdL7in0DpEXhZV8F9jL2FvEd/0rhFyYcvFb+BCFhyP8+:uoJuFfHjpsZVAv/0ruYctb+YFQ
Score10/10-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-