General
- Target: 9b308447f0060f83888ae6758088dc11-sample.zip
- Size: 1.9MB
- Sample: 230423-zs8y1afh52
- MD5: ab838ed02c90627d3f421c4479985f19
- SHA1: 9e833f3f4a0debee23069ef8eba2d30454c4172b
- SHA256: c8da7a244b48646fd4ad3c323e883e655b7f9cce0f635d141ba1fcc50446edaa
- SHA512: e75b046b5cf9212dc82c47de7f22b370ffbab56b703d6be34a458d9ba335eea0931060698a247535b97263aa8b1d1caf448536e0d020fce406855d3c41ae4680
- SSDEEP: 49152:oGIGfJ59iq4j0Ahj8qiqZWxFkcnq8vqxhj2wIIUa9ky5K0:gE7adl/ZWxGwqAqxdjUa9kyt
Behavioral task: behavioral1
- Sample: 1f4b6d549d1c9005fac3532abaaf4408.exe
- Resource: win7-20230220-en
Malware Config
Extracted
aurora
185.106.93.237:6378
Targets
- Target: 1f4b6d549d1c9005fac3532abaaf4408
- Size: 4.3MB
- MD5: 1f4b6d549d1c9005fac3532abaaf4408
- SHA1: 041b546ac27783ac5fba33897b3f6d539248d0e2
- SHA256: 0d7dc7413dd3f25fcd45de53fc5feebcb3eb5b5517ae1c07469c9072ef9eb9cf
- SHA512: ac1eb503eb0e7bb15832d17df8b0d8eaa35804b4d4b926e12b94ce40800096255d13be897f7dce2062cde41ff9a73fe427abdfac5e8caa04a3ed86f49254bfd0
- SSDEEP: 49152:k49loyLKmcH0QoS7wT2wcQ2MoVQUbkieBrZJw5ERFtGRCoO4IYB1:KyYASMwEFGIo
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
-