General
Target: fe49674b920ac6d7bf6d18841445afd9
Size: 1.5MB
Sample: 231228-2w2p7scab6
MD5: fe49674b920ac6d7bf6d18841445afd9
SHA1: 3ee482ed1f54868cb1289f5b020eab4a5d5e7bc6
SHA256: c6ef1177024c4c1490203d420b218249f43213acf03c523f743072930c5b5245
SHA512: e087d3eb703d3485b5809440e41d000ef906383c73fd11ab31d196fd64b3a489f8db54377f8e79fab623977194a92610d040f50dec00359535a9610b50ed5664
SSDEEP: 24576:ChnIFiuZw89BQEYlIXQDiZfGsBLpTnr52iKLJYJJs4ns:CFgVMzSADihpL9nr51wis

Behavioral task: behavioral1
Sample: a.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: a.exe
Resource: win10v2004-20231215-en

Behavioral task: behavioral3
Sample: b.exe
Resource: win7-20231215-en

Behavioral task: behavioral4
Sample: b.exe
Resource: win10v2004-20231222-en

Malware Config
Extracted
Protocol: ftp
Host: 61.160.212.13
Port: 21
Username: anonymous

Targets

Target: a.exe
Size: 45KB
MD5: 04f224c18070e66678563352cb870ea8
SHA1: ee8994d3e4eb93c38a6ae7dcaa144ddf347c172b
SHA256: f3403b8f6496bdd8bbe87e0b06e6382426c7876934d4e68071b63840f6538731
SHA512: 5fec8623a6895a4c3bb43d099ff51050d7407409786e6c9733e8ccdef48b2ff4287f1dc8208e4cef074f34d890d47b537e81085af65e6bd53f78f581332fef70
SSDEEP: 768:/wgW0G0SY4suJ0uJeP92H5oCXI8Jxge9R4MeluXaXbVDV2pYI/ElxKn1:/gv0S1nJ/JSUxD9RHwtV8Ao
Score: 7/10
Deletes itself
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory

Target: b.exe
Size: 1.5MB
MD5: 8fd4b6e48e2a9fc0ffafb46387efe455
SHA1: dccbdf56a7e2533252eaf67168815fefdecfb49f
SHA256: f141a2affcdb4351d1d698f8bca65319f6f3caf7f787d8a1132a4af9ed1cdfac
SHA512: 1a7f00fd1bf25e45308d37501bf976e8f62839f97e63dbadd2337a6a4353d945d0f10e4c4711657e2fb997350ebc5480c549b9885a01710b26d3fab55bd8d9b4
SSDEEP: 24576:Q/eofQ1G0f+pJWiwumD29okl+v2JjXhGxMKhqbBCZMNCvxtipWJHGKE:meofJRJtwumqpl+uJ7EFq94MNC7vJHGK
Score: 10/10
Suspicious use of NtSetInformationThreadHideFromDebugger