General
Target: taskshostw.exe
Size: 245KB
Sample: 230120-ya81lshe76
MD5: e538f67d529d672c55304f3c9ad05392
SHA1: f7ff40a1901d51dd6222b420bbece575b46b2cd2
SHA256: 124c17b099d8c09db4bd82b5ef3d41cea61727a480abfd56a943208d858ea8cf
SHA512: 22344125223dcc5d66a5d0a6b860e547b408123d75e3d8f698fa45b9ea33e7a736ccaa7ae4e32a0989a9d0637db16443502e7bd56beb8093bb6c09a0289361c6
SSDEEP: 3072:eTIu4ZQ8M2A1vA7m5+C6ZoEHBAnpK37nXz8o1008Q75wPsoB74tyJhvSK/KkMc/X:LHA1vweOR8CTwPnLKkM/u
Static task: static1
Behavioral task: behavioral1
  Sample: taskshostw.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: taskshostw.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Target: taskshostw.exe
Size: 245KB
Score: 8/10
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP address.