General
Target: caf7afab30b06cd0f7e04e58d74eae92
Size: 248KB
Sample: 240315-yfcvcshd9x
MD5: caf7afab30b06cd0f7e04e58d74eae92
SHA1: d2f660783a60f769a145e6950382ec14aa058604
SHA256: ebbddbc283ca755442e0651f50ca542a01b896fb05fa62ad18270f791ecec6bb
SHA512: deecd35d3f36130e4e6faec6b8f8964399f1e9f4ede11096bf6d0e7ce8036dbe375f8be93cd5a864c1d7e03de2535ec2885413a497a4f0b7775a53035fdaee8b
SSDEEP: 3072:Hveff3/WI3G4qvOLOdbR7JCCNxNlZjemWa6hg5GuGUgMdZafD4UA1b:HEJG9mGR8CN3ymWa65uRb4cxb
Static task: static1
Behavioral task: behavioral1
Sample: caf7afab30b06cd0f7e04e58d74eae92.exe
Resource: win7-20240221-en
Malware Config
Extracted: gcleaner
C2: 194.145.227.161
Extracted: xworm
Version: 5.0
C2: 127.0.0.1:7000
LK1tcQzVjdOfCJrx (value left unlabelled in the extracted config)
Install_directory: %AppData%
install_file: sv_gost120938.exe
Note: the XWorm C2 is the loopback address, so this config yields no usable network indicator for XWorm; the only external address the report extracts is the gcleaner C2 194.145.227.161. The host-side indicator is the install path %AppData%\sv_gost120938.exe.
Targets
Target: caf7afab30b06cd0f7e04e58d74eae92
Signatures
Detect Xworm Payload
Detect ZGRat V1
Async RAT payload
OnlyLogger payload
.NET Reactor protector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Note: four payload-family detections (XWorm, AsyncRAT, ZGRat, OnlyLogger) fire alongside a gcleaner config in one run, so the sample behaves as a bundle of payloads rather than a single family; pivot on the dropped install_file and the gcleaner C2 rather than on any one family label. The external-IP lookup hits a legitimate service and is not C2 on its own.
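The indicators in the extracted config and the behavioural signatures above can be turned into a small triage check. The following script is an added example, not part of the sandbox output or of any tool the report names: it hashes a file against the sample's hash set and scans event lines for the behaviours the report lists (Run-key persistence into %AppData%, execution of the dropped install_file, contact with the gcleaner C2, and the loopback XWorm C2 as an informational hit). The event lines are constructed for the example and use Sysmon-style field names (EventID, TargetObject, Details, Image, DestinationIp, DestinationPort) as an assumption about the log source.

```python
"""Triage helper built from the indicators in this report (added example).
Assumes Sysmon-style event fields; the sample events below are constructed."""
import hashlib
import re

# Indicators taken directly from the report.
SAMPLE_HASHES = {
    "md5": "caf7afab30b06cd0f7e04e58d74eae92",
    "sha1": "d2f660783a60f769a145e6950382ec14aa058604",
    "sha256": "ebbddbc283ca755442e0651f50ca542a01b896fb05fa62ad18270f791ecec6bb",
}
GCLEANER_C2 = "194.145.227.161"
XWORM_C2 = ("127.0.0.1", 7000)       # loopback: not a usable network indicator
INSTALL_FILE = "sv_gost120938.exe"   # XWorm install_file, dropped under %AppData%

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
APPDATA_RE = re.compile(r"\\AppData\\Roaming\\", re.I)   # %AppData% expanded


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 of a byte string, keyed like SAMPLE_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True only if every hash matches; one algorithm alone is not enough."""
    return hash_bytes(data) == SAMPLE_HASHES


def parse_event(line: str) -> dict:
    """Parse 'Key="value" Key="value"' into a dict (values are quoted so
    paths with spaces survive)."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def classify(event: dict) -> list:
    """Map one parsed event to the report's behaviour signatures (0..n hits)."""
    hits = []
    eid = event.get("EventID")
    if eid == "13":  # registry value set
        target = event.get("TargetObject", "")
        details = event.get("Details", "")
        if (RUN_KEY_RE.search(target) and APPDATA_RE.search(details)
                and details.lower().endswith(INSTALL_FILE)):
            hits.append("Adds Run key to start application")
    elif eid == "1":  # process create
        image = event.get("Image", "")
        if APPDATA_RE.search(image) and image.lower().endswith(INSTALL_FILE):
            hits.append("Executes dropped EXE")
    elif eid == "3":  # network connection
        dst = event.get("DestinationIp", "")
        port = int(event.get("DestinationPort", "0") or 0)
        if dst == GCLEANER_C2:
            hits.append("gcleaner C2 contact")
        elif (dst, port) == XWORM_C2:
            hits.append("XWorm C2 (loopback, informational)")
    return hits


def scan(lines) -> dict:
    """Run classify over an iterable of event lines; return {signature: count}."""
    counts = {}
    for line in lines:
        for sig in classify(parse_event(line)):
            counts[sig] = counts.get(sig, 0) + 1
    return counts


# Constructed sample events (not from the sandbox run).
SAMPLE_EVENTS = [
    'EventID="13" TargetObject="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows'
    '\\CurrentVersion\\Run\\sv_gost120938" '
    'Details="C:\\Users\\u\\AppData\\Roaming\\sv_gost120938.exe"',
    'EventID="1" Image="C:\\Users\\u\\AppData\\Roaming\\sv_gost120938.exe" '
    'ParentImage="C:\\Users\\u\\Desktop\\caf7afab30b06cd0f7e04e58d74eae92.exe"',
    'EventID="3" Image="C:\\Users\\u\\Desktop\\caf7afab30b06cd0f7e04e58d74eae92.exe" '
    'DestinationIp="194.145.227.161" DestinationPort="80"',
    'EventID="3" Image="C:\\Users\\u\\AppData\\Roaming\\sv_gost120938.exe" '
    'DestinationIp="127.0.0.1" DestinationPort="7000"',
    'EventID="1" Image="C:\\Windows\\System32\\notepad.exe" '
    'ParentImage="C:\\Windows\\explorer.exe"',
]

if __name__ == "__main__":
    for sig, n in sorted(scan(SAMPLE_EVENTS).items()):
        print(f"{n}x {sig}")
```

The Run-key check requires all three conditions (Run key, %AppData% path, the report's install_file name) so that ordinary per-user autoruns do not fire; loosen it to the path alone if hunting for renamed rebuilds. The loopback XWorm hit is kept separate from the gcleaner hit because, as the config shows, it cannot be used as a network IOC.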