934cb0e1c647de2ecfac8f33ec578c133e7a8e7b7e83ff476e082aa92d789894 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

pythoninzoo.exe

windows7-x64

7

pythoninzoo.exe

windows10-2004-x64

7

Resubmissions

20-04-2024 07:03

240420-hvveysbg9x 7

20-04-2024 07:00

240420-hsm8vsbb72 7

Sharing

General

Target

pythoninzoo.exe
Size

18.2MB
Sample

240420-hsm8vsbb72
MD5

3a272e96b2a6682a76021561514d1906
SHA1

69674411cab38710263415b8d710780f3752bded
SHA256

934cb0e1c647de2ecfac8f33ec578c133e7a8e7b7e83ff476e082aa92d789894
SHA512

26298bf3d5337950045e33033edbeaaf5c5ad7de2906518bb4d7d49057cd9f62c1594790a61ee5ca9881f1c4c243f7f660899f8219043b636f3383e35993199a
SSDEEP

393216:N4xb4FU9V++4eN0ynQYeFsseTDfDgKic64eDW8Q3+d9B4X:2x8SVSeC9sseTb0K94W8QOd9B8

Score

7^/10

pyinstaller

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

pythoninzoo.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

pythoninzoo.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  pythoninzoo.exe
- Size
  
  18.2MB
- MD5
  
  3a272e96b2a6682a76021561514d1906
- SHA1
  
  69674411cab38710263415b8d710780f3752bded
- SHA256
  
  934cb0e1c647de2ecfac8f33ec578c133e7a8e7b7e83ff476e082aa92d789894
- SHA512
  
  26298bf3d5337950045e33033edbeaaf5c5ad7de2906518bb4d7d49057cd9f62c1594790a61ee5ca9881f1c4c243f7f660899f8219043b636f3383e35993199a
- SSDEEP
  
  393216:N4xb4FU9V++4eN0ynQYeFsseTDfDgKic64eDW8Q3+d9B4X:2x8SVSeC9sseTb0K94W8QOd9B8
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy