General

  • Target

    taskshostw.exe

  • Size

    245KB

  • Sample

    230120-ya81lshe76

  • MD5

    e538f67d529d672c55304f3c9ad05392

  • SHA1

    f7ff40a1901d51dd6222b420bbece575b46b2cd2

  • SHA256

    124c17b099d8c09db4bd82b5ef3d41cea61727a480abfd56a943208d858ea8cf

  • SHA512

    22344125223dcc5d66a5d0a6b860e547b408123d75e3d8f698fa45b9ea33e7a736ccaa7ae4e32a0989a9d0637db16443502e7bd56beb8093bb6c09a0289361c6

  • SSDEEP

    3072:eTIu4ZQ8M2A1vA7m5+C6ZoEHBAnpK37nXz8o1008Q75wPsoB74tyJhvSK/KkMc/X:LHA1vweOR8CTwPnLKkM/u

Score
8/10

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.