General
Target: Mooner_executor.exe
Size: 6.7MB
Sample: 240428-119qyaac95
MD5: 3930b84ea1c2ebdd81060263328383b6
SHA1: 4aeda40b67995031d1324e5b75846ce887c4fd4d
SHA256: 1e146b5a97553eeb78af93acfbc72318de81eb7b6e9ef564b9768aee97c09d94
SHA512: d80d380fcb37ebd913ff98e78d2ab995c80c93d5baa15fe2e326313b5ae47ab3fdc2cf2e344cb8475fe490b660a3f0c88be2d15034c6dc9d20640816c3020354
SSDEEP: 196608:+r2fumWiOjmFwDRxtYSHdK34kdai7bN3m5SE+WE6:I9K2pM9B3QQ87
Malware Config
Targets
Target: Mooner_executor.exe (size and hashes as listed under General)
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.