General
-
Target
immi.bin
-
Size
7.8MB
-
Sample
230710-qd6qnabe5z
-
MD5
49c5906689498f487597cc1cb84e3a35
-
SHA1
338c319eeb28554df9aad957dd7f2676afb7e04e
-
SHA256
ccac95c8b3ec87ba50e8eaed511e9f1691c8efdded4368d63ab0740283905791
-
SHA512
f97f72ea65123b64f049404f26094249b8fffcf118d803aaddef0393cde67f15a603eb4a468cfc6f48b5eac345d48da1c7a5cde086ec7993adafd44474747c03
-
SSDEEP
196608:oIRcbH4jSteTGvIxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfuIxwZ6v1CPwDv3uFteg2EeJUO9E
Behavioral task
behavioral1
Sample
immi.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
immi.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
bitrat
1.38
xdjnibkfm366vswudhfwb5gaihqxkxvov7q6gv3fqcm3bw46b5rydsqd.onion:0
-
communication_password
71d39b7aa9389d5c64a2440993bcfa3b
-
install_dir
Install path
-
install_file
Install name
-
tor_process
tor
Targets
-
-
Target
immi.bin
-
Size
7.8MB
-
MD5
49c5906689498f487597cc1cb84e3a35
-
SHA1
338c319eeb28554df9aad957dd7f2676afb7e04e
-
SHA256
ccac95c8b3ec87ba50e8eaed511e9f1691c8efdded4368d63ab0740283905791
-
SHA512
f97f72ea65123b64f049404f26094249b8fffcf118d803aaddef0393cde67f15a603eb4a468cfc6f48b5eac345d48da1c7a5cde086ec7993adafd44474747c03
-
SSDEEP
196608:oIRcbH4jSteTGvIxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfuIxwZ6v1CPwDv3uFteg2EeJUO9E
Score10/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-