General
-
Target
CodToolUPDATED.exe
-
Size
30.5MB
-
Sample
240423-xwhvwaba51
-
MD5
fa7ff55a94d629ca1af12bba73582635
-
SHA1
ff0dc0e3b466a06472387387163517839f30a9c6
-
SHA256
7ae0e1f67e9b3874583a53d7399d4a75ab794561b0d62423542c6e4558e3bc35
-
SHA512
aa80f829f6a8620276174bec73a8139d8b19f2c893316f142cda922e4d31236dacb86fba3f4586203ba092f5875205f1d3f5d339fa432be9a9db2aba6b8e77db
-
SSDEEP
786432:naAWibibX71QtIJ2j6+s7LWB75zuPNdS3ILn6eByJKm+da:naHbXJiIJ2qHWB75iVdSG1BzA
Behavioral task
behavioral1
Sample
CodToolUPDATED.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
CodToolUPDATED.exe
-
Size
30.5MB
-
MD5
fa7ff55a94d629ca1af12bba73582635
-
SHA1
ff0dc0e3b466a06472387387163517839f30a9c6
-
SHA256
7ae0e1f67e9b3874583a53d7399d4a75ab794561b0d62423542c6e4558e3bc35
-
SHA512
aa80f829f6a8620276174bec73a8139d8b19f2c893316f142cda922e4d31236dacb86fba3f4586203ba092f5875205f1d3f5d339fa432be9a9db2aba6b8e77db
-
SSDEEP
786432:naAWibibX71QtIJ2j6+s7LWB75zuPNdS3ILn6eByJKm+da:naHbXJiIJ2qHWB75iVdSG1BzA
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-