General
-
Target
caca.exe
-
Size
70.7MB
-
Sample
231217-hkexhsdhfr
-
MD5
b9d9aa95d2ca87f91a016fda462a26f9
-
SHA1
d45b6786540880c618e4c0baec0a090d773817c3
-
SHA256
2d3a331a98699a67cd900d40ec320e599ae58ce342239f4abaab08847f77161a
-
SHA512
7aee63646d978e29c3b52d0b38ef889ae370a2118b083fb8bcf07896384bd8ce4b4426847e16c057d56f9196b337187405ee845862b8d274968812808b781aa4
-
SSDEEP
1572864:V4/4rzOchPopkQDe/HATRxTndXx2QVkh8w61pdvQNbfdEc07:ikqcdopkQEHAT3djkGwazsfdEc07
Static task
static1
Behavioral task
behavioral1
Sample
caca.exe
Resource
win10-20231215-en
Malware Config
Targets
-
Irata
Irata is an Iranian remote access trojan Android malware first seen in August 2022.
-
Irata payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-