General
Target: confession.exe
Size: 75.9MB
Sample: 230928-xt1mxafb32
MD5: ddbbe20949c2b13a0b9c8fab7184b610
SHA1: 37ca047d68e235b59a332c634e658e28e66bca16
SHA256: d229c8d5e7919815fa5c92cd1a602d02bc77bb651dff62731ade73cc72e38eae
SHA512: 6b333f0e5bd44f603b4c0cfe3e03c629305d5ca75c4c0aff3538ff24d20f623e740bf07785ea8e8a6e059e813590e454fd245305f83afa7f28e56336077f20db
SSDEEP: 1572864:12MTiQYHNSk8IpG7V+VPhqaAE7lftXHpPWlXxTa9k4VTW7aUnBOIYq:1ZTixtSkB05awaJJe3Ty9VTUaUnAIYq
Behavioral task: behavioral1
Sample: confession.exe
Resource: win10-20230915-en
Targets
Target: confession.exe
Score: 9/10
Enumerates VirtualBox DLL files
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.