Resubmissions

23-02-2023 14:03  230223-rcnzwsga69  10
20-01-2023 12:25  230120-plqhzaff6y  10
16-01-2023 12:00  230116-n6kyjsad9v  10
15-01-2023 04:12  230115-esqr7sdg4v  10
15-01-2023 04:01  230115-elc8jahg27  8
15-01-2023 03:56  230115-ehjk5shf75  8
15-01-2023 01:02  230115-bebjksbg8w  10
15-01-2023 00:38  230115-azcfyafg72  8

General
Target: 88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd.zip
Size: 1.6MB
Sample: 230120-plqhzaff6y
MD5: f3816710cae8dc1dc854336398602b72
SHA1: b63184301e8b5ea5875a74b954f9e2c21bdae419
SHA256: 271d8bf13f96188684e0f68446f16084ec6d8c231837c45e3ec3ebb73062574d
SHA512: 42feda2df53ba91f4ab1e4797c4b5e2dd73cc522aa9f39c75c8bb432fbf362586c8f15a40c31a52ba3053ec9b489349e22dde0e17987aa65c56bb6247ac49e2a
SSDEEP: 24576:Sf4FGfLNsFBNT8zv3k2bQvVGOcUTJR9RDQISvMAd9lMFLMXZaff3YlZmf2oeh03G:SAoMqzv3k2svVGOcCqjiLiYXY8Ow3G

Static task: static1
Behavioral task: behavioral1
Sample: 88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd.exe
Resource: win7-20221111-en
Malware Config

Targets

Target: 88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd
Size: 1.6MB
MD5: 9f7aaf3a9a3f325dd533ecc38d85a351
SHA1: 1ebdc55b96e11d9b924fbba8c5fa1799ff247970
SHA256: 88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd
SHA512: 0afdcb5362be67938d00baaeb3974af3ad2b7342c8024ec2390ce87bad4c6252e4c8277a0bb36979cdcb4036aa9f7dc93ac23f78acdd04033c3086fa3fd7286f
SSDEEP: 24576:yWmAFubS9dt9Mcp5CPu4YV5GaCxYiluVuTY4PRVGEw6GPDp5MwNrsJjF2GKGI8L:q29dRpYW4YV5QxYiET8ahPDMwNrs2y

Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext