General
Target: ordered-products-3V9Zuy7HRKjvicTbRvT0-22166-95539.rar
Size: 852B
Sample: 230817-cm3tgagf3z
MD5: 7fd82f9b2f96483f14e2e51e219215ec
SHA1: 34051f5f57488f668ef9a1507b795f249b47e5c5
SHA256: 22605e51a07d3b42a12ef1a6eedb1c8f8ddf7c65f588b094990c5bb0e2590f26
SHA512: 4ac29e5a5cb36fdabfd7acbdf0987110dea81306b630ab42588c5929bdf388b6e8626affe2c15217cc0f3c34097bf852977e28c2f3f298043688f7a85bfeebe0
Static task: static1
Behavioral task: behavioral1
Sample: ordered products-3V9Zuy7HRKjvicTbRvT0-22166-95539.bat
Resource: win7-20230712-en
Malware Config
Targets
Target: ordered products-3V9Zuy7HRKjvicTbRvT0-22166-95539.bat
Size: 2KB
MD5: 579038f61cae4fe3bbca72e851c24e83
SHA1: 44957e10ea3035756002b3936f20f7ec73d8848b
SHA256: 436ca3866cb36a4808eb22fb705f918c521dbbf79b4d9f449b48ee463d497802
SHA512: 60de6b9ef53d6cb9f850f91532565d4a9412916bcf1e457e756027ddf023eeb1d20dfcc508bedefc93df9214326f9c7acae2ef4ce0e5aed13def6c9e4a502be8
- Blocklisted process makes network request
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.