General
Target
soft.exe
Size
4.2MB
Sample
230802-c3npgsdd5w
MD5
da89628d89735a5320da0513608b2fd4
SHA1
44b8b35ff51a2e1c7a67c03b243ca467b21b3bb4
SHA256
d398d687d76426465501c32c830c6c3298d471bab4223bc6f9ac7d4b30ae558b
SHA512
9dbe9849c77262227a5a75348a164e6246a8d52a2e65907ef9681687d119a59b40dfd6f8f5b8fcf0f77509a11a7fb8f54b6990814c1958a5e28607e6c896540a
SSDEEP
98304:JQCHegVO9xselnvc9DzG7xxBFKyfmtKNP0R2h7b2:JjHhIxjvc9cxrKHtyc4b2
Static task
static1
Behavioral task
behavioral1
Sample
soft.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
soft.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
laplas
http://45.159.189.33
api_key
d1a05de376c0be1daa56dfb2715c8a0c5df8a111b8b31decc886df1e48db7c9c
Targets
Target
soft.exe
Score
10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger