General
-
Target
c27131bdcd5cb27339af4833ab139305
-
Size
566KB
-
Sample
231222-rsqhnacgf5
-
MD5
c27131bdcd5cb27339af4833ab139305
-
SHA1
4dcbc9009b87fbee794a911879997156b8a61d8e
-
SHA256
5a3a69a57da03bd1c26fe525e51df51b391c1556cb013bb7e411ccaead253fb9
-
SHA512
91ac3e5c6e476146e38df502c233dc45d3f54ff6c7e9e628fbc570c8323dc046a950baf32b4bbedf7bc6d9c509309d8e4fbcf69bf5f1616e535ca933f0945477
-
SSDEEP
12288:Bz4ubZCXMtdUKat+YH7/yJ2je3rojGvB/WaEYvWr:pjOMtd1a/yl3KOj+
Static task
static1
Behavioral task
behavioral1
Sample
c27131bdcd5cb27339af4833ab139305.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
c27131bdcd5cb27339af4833ab139305.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
Target
c27131bdcd5cb27339af4833ab139305
-
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-