General
Target: LeagueFVMT.exe
Size: 70.9MB
Sample: 231227-crc4lsaeg9
MD5: e82f8a8021e4b4532c19364b26179b70
SHA1: 318a99df3ec9d4d45324e3c195044c8167df98ce
SHA256: 986117c91d1ec1eb8a4b437f9890d4396a89aa274a9ea7b660d93746548257fb
SHA512: c4a94664628c6e11cd0b2f4e7492bfea100c65eef24691f83b1ccbcb7307a3be1a225e8a966b0f41e2ea1205a7aec0ac4274e691a95c7ba84a7e3e5d907c6c3e
SSDEEP: 1572864:G4/4rzOchP5QXAgEgVoWFQWGTtqnufMdBlk/bkTqmPaS7:Nkqcd5QXAQmWiFkdBSkTrl7
Static task: static1
Behavioral task: behavioral1
Sample: LeagueFVMT.exe
Resource: win10-20231215-en
Behavioral task: behavioral2
Sample: LeagueFVMT.exe
Resource: win11-20231215-en
Malware Config
Targets
-
-
Target
LeagueFVMT.exe
-
Irata
Irata is an Iranian Android remote access trojan first seen in August 2022.
-
Irata payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-