General
Target:  C4Loader.rar
Size:    127KB
Sample:  230214-1gmgasgd48
MD5:     29ca3b684fb4d4a1f80f573834cf1989
SHA1:    e83bd0d6009eaf12b1f313470b8128a72a6efc6b
SHA256:  af022913cceb5218316cd2880e585c1e90a1da97ec393f40eeb49ed0c368247d
SHA512:  b51da78bd5658035e5fe2985d32ddc9850882066ba8746745dc6fc7bac7b3a7a1a3362596ffb8ab95f0defb2798856ec6e8c8bdda34b0f99e61aa9fb5d669be5
SSDEEP:  3072:tyCuV8YFkbf+ZiJFRqgzH2LDK5Ar/MC7H1wlC3C4Aq7x:7YF/ZijzWnK2YCb1w43lBx
Static task:      static1
Behavioral task:  behavioral1
Sample:           C4Loader.rar
Resource:         win7-20220812-en

Malware Config
Extracted config (family: aurora)
C2: 107.182.129.73:8081
Targets
Target: C4Loader.rar (same size and hashes as listed under General)
Signatures
- Blocklisted process makes network request
- Downloads MZ/PE file
- Stops running service(s)
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
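The hashes and the extracted C2 endpoint above are only useful once something checks them. The script below is an added example, not part of the sandbox report or of any vendor tooling: it copies the report's MD5/SHA1/SHA256/SHA512 and the 107.182.129.73:8081 endpoint as indicators, hashes a local file with the standard library to confirm it is the same archive before anyone spends time on it, and scans Sysmon Event ID 3 (network connection) records for traffic to the C2. The event records are constructed for the demo and use Sysmon's own field names (UtcTime, Image, DestinationIp, DestinationPort); the process paths and the benign address in them are invented. The report's ssdeep value is left out of the comparison because fuzzy hashing needs the ssdeep or ppdeep package.

```python
"""Check a local file and host network events against the C4Loader.rar report IOCs."""
import hashlib
import json
from typing import Dict, Iterable, List

# Indicators copied from the sandbox report.
REPORT_HASHES: Dict[str, str] = {
    "md5": "29ca3b684fb4d4a1f80f573834cf1989",
    "sha1": "e83bd0d6009eaf12b1f313470b8128a72a6efc6b",
    "sha256": "af022913cceb5218316cd2880e585c1e90a1da97ec393f40eeb49ed0c368247d",
    "sha512": (
        "b51da78bd5658035e5fe2985d32ddc9850882066ba8746745dc6fc7bac7b3a7a"
        "1a3362596ffb8ab95f0defb2798856ec6e8c8bdda34b0f99e61aa9fb5d669be5"
    ),
}
# ssdeep (3072:tyCuV8YF...) is not checked here: fuzzy hashing needs the
# ssdeep/ppdeep package, which is outside the standard library.
C2_IP = "107.182.129.73"
C2_PORT = 8081


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four fixed-length hashes the report lists, keyed like REPORT_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def compare_with_report(data: bytes) -> Dict[str, bool]:
    """Per-algorithm match against the report.

    Any single True identifies the exact file. All False means you hold a
    different build or a repacked archive; only a fuzzy (ssdeep) comparison
    could relate the two, so do not assume the report's behaviour applies.
    """
    computed = hash_bytes(data)
    return {algo: computed[algo] == expected for algo, expected in REPORT_HASHES.items()}


def find_c2_connections(jsonl_events: Iterable[str]) -> List[Dict[str, str]]:
    """Scan Sysmon Event ID 3 records (one JSON object per line) for the C2.

    An exact ip:port hit is rated 'c2_endpoint'. The same IP on any other
    port is still reported, as 'c2_ip', because operators change the port
    far more often than they change the host.
    """
    hits: List[Dict[str, str]] = []
    for line in jsonl_events:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("DestinationIp") != C2_IP:
            continue
        port = int(ev.get("DestinationPort", -1))
        hits.append({
            "severity": "c2_endpoint" if port == C2_PORT else "c2_ip",
            "time": ev.get("UtcTime", ""),
            "image": ev.get("Image", ""),
            "dest": f"{C2_IP}:{port}",
        })
    return hits


# Constructed Sysmon EID 3 records for the demo (not taken from the sandbox run;
# the process paths and 203.0.113.10 are invented).
SAMPLE_EVENTS = [
    json.dumps({"UtcTime": "2023-02-14 10:01:02.123",
                "Image": r"C:\Users\user\AppData\Local\Temp\update.exe",
                "Protocol": "tcp", "DestinationIp": "107.182.129.73", "DestinationPort": "8081"}),
    json.dumps({"UtcTime": "2023-02-14 10:01:05.456",
                "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
                "Protocol": "tcp", "DestinationIp": "203.0.113.10", "DestinationPort": "443"}),
    json.dumps({"UtcTime": "2023-02-14 10:02:11.789",
                "Image": r"C:\Users\user\AppData\Local\Temp\update.exe",
                "Protocol": "tcp", "DestinationIp": "107.182.129.73", "DestinationPort": "443"}),
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # optional: path to the archive you hold locally
        with open(sys.argv[1], "rb") as fh:
            print(compare_with_report(fh.read()))
    for hit in find_c2_connections(SAMPLE_EVENTS):
        print(hit)
```

Run it with the path to your copy of the archive to confirm the hashes before detonating or reversing it; feed the network scan real Sysmon exports (one JSON object per line) instead of SAMPLE_EVENTS. Keep the reporting process image in the alert: the "Blocklisted process makes network request" signature above means the connection in the sandbox came from a process that should not be talking to the internet, and the same image is what a responder needs to pivot on.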