Resubmissions
03-01-2022 15:51
220103-tagh5sbdh2 10General
-
Target
kr.exe
-
Size
786KB
-
Sample
240414-qwnykagh66
-
MD5
899dc9cc6e7516536bf5e816e8cecf55
-
SHA1
6c07fc00ed2202798194749aa8037bb0ad38bb00
-
SHA256
5f84ad4413ad6dcdea0cb3aa206cc4df29e1bad9d9598912c323c931d568ac90
-
SHA512
445016f0e37ee3ecec319b73713d083711608c044f855e16268f89c88d460e95d85b79d375534ac6b7a4a0e869c49470d49b7e325ff0507c550107d593ae688c
-
SSDEEP
12288:vyxPJa2s86jofrWEuxjcZxyPq8tf8sQ+PRtj3lDsmMHj3N6eiaFmhL+JigR:vyxPJ/s86szWEuKiflOmMDhPEhL+lR
Static task
static1
Behavioral task
behavioral1
Sample
kr.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
kr.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
kr.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
kr.exe
-
Size
786KB
-
MD5
899dc9cc6e7516536bf5e816e8cecf55
-
SHA1
6c07fc00ed2202798194749aa8037bb0ad38bb00
-
SHA256
5f84ad4413ad6dcdea0cb3aa206cc4df29e1bad9d9598912c323c931d568ac90
-
SHA512
445016f0e37ee3ecec319b73713d083711608c044f855e16268f89c88d460e95d85b79d375534ac6b7a4a0e869c49470d49b7e325ff0507c550107d593ae688c
-
SSDEEP
12288:vyxPJa2s86jofrWEuxjcZxyPq8tf8sQ+PRtj3lDsmMHj3N6eiaFmhL+JigR:vyxPJ/s86szWEuKiflOmMDhPEhL+lR
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-