General
Target: update-windows.exe
Size: 606KB
Sample: 240330-nypa1aeh65
MD5: 6d15502f7965eb86b7e3ef22415df950
SHA1: 5607d53d6f679f8ea6c8e5a1225d97cc0c36fed2
SHA256: 074020d2d88544c1747e8b8d51eedd460305f6c2c529d548d993f1816b93c702
SHA512: 12d73774636e0fcccfb2ef75bfca94888d7b15806a80c1e5a8292b23baf6d6cbda1cba41f9817f1bf37c29fda9a349bd3a8989e7962b977d53091b942bea8028
SSDEEP: 12288:JNZum6aVKx6SIIRYz6Y9IwDGDYPG76bR220oRnWDg7sK:JNZDV6IIRCRI5UbR2EF2oL
Static task: static1
Behavioral task: behavioral1
  Sample: update-windows.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: update-windows.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral3
  Sample: $TEMP/Foreign.ps1
  Resource: win7-20240221-en
Behavioral task: behavioral4
  Sample: $TEMP/Foreign.ps1
  Resource: win10v2004-20240226-en
Malware Config
Extracted: cobaltstrike
http://flogpasteapp.top:443/jquery-3.3.2.slim.min.js
user_agent: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Targets
Target: update-windows.exe
Score: 10/10
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Target: $TEMP/Foreign
Size: 232KB
MD5: d8637ced6059e011349fee2597d53313
SHA1: d140570d9f3eeaa9c6d1b42d1a61fa0c6b7d9c0c
SHA256: 3d7201c97f506e1aba899ff67cf078b253d772b9af13721e9e67aa11535b50b7
SHA512: 4e4c124e48c4640ce9bf154ca618349aea0556431b1c8b5a150fced1e5fed4764fda845c98b965affe8399425c31b4bb902a813b4818adb6c2c90ab03bc61987
SSDEEP: 1536:x9modZAHZcaReoy52buj+D1u+lV9xnMxnz6WMFcKS8jkKTZsOyTAyWMFcK1WWGcv:bdZTAzV6MFcmCALMFcavG1MFceXCq
Score: 1/10