Resubmissions
12-04-2024 14:24
240412-rq4mhabb49 1012-04-2024 14:23
240412-rqj8vseb6x 1012-04-2024 14:23
240412-rqhp2abb46 812-04-2024 14:23
240412-rqhd9seb6w 812-04-2024 14:23
240412-rqgsqseb6v 809-04-2024 07:30
240409-jb97qsch3w 1009-04-2024 07:30
240409-jb2wcshe88 1009-04-2024 07:29
240409-jba3mscg9s 1009-04-2024 07:28
240409-ja2h7she62 729-03-2024 02:37
240329-c4jf6aga87 9General
-
Target
bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe
-
Size
1.9MB
-
Sample
240412-rqhp2abb46
-
MD5
bab406ad3b0603a45625755ffbccce49
-
SHA1
7ce0bd31c68c5b54854098acad195b7a8d804939
-
SHA256
bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8
-
SHA512
a85ca2bc5ab42f8d32856a87c665b66df7d8e1c1ebbb143015d06fcc1bddba1faf684e2ee1d2a572f5ed04edf3a061837c293b5c1e3d2214864b90d8a68d25cc
-
SSDEEP
49152:hgWDef4IXn7EvfNf+x83OeG5ztpAEq2pe2n9SCtQV:hvo49fk83ONztiEqz2nA
Static task
static1
Behavioral task
behavioral1
Sample
bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral4
Sample
bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe
Resource
win11-20240412-en
Malware Config
Targets
-
-
Target
bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe
-
Size
1.9MB
-
MD5
bab406ad3b0603a45625755ffbccce49
-
SHA1
7ce0bd31c68c5b54854098acad195b7a8d804939
-
SHA256
bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8
-
SHA512
a85ca2bc5ab42f8d32856a87c665b66df7d8e1c1ebbb143015d06fcc1bddba1faf684e2ee1d2a572f5ed04edf3a061837c293b5c1e3d2214864b90d8a68d25cc
-
SSDEEP
49152:hgWDef4IXn7EvfNf+x83OeG5ztpAEq2pe2n9SCtQV:hvo49fk83ONztiEqz2nA
Score8/10-
Contacts a large (747) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-