General
-
Target
IPlookup.exe
-
Size
7.4MB
-
Sample
240503-2fzkxaba26
-
MD5
58d61b76f78353094bf4088451d199aa
-
SHA1
4481213bd99fa5dd8a53a6f71ab8883091dbb639
-
SHA256
c54def823ce80606fdc5712fa9d5dfc4aca7ef808bf6b28668c7c73248d4bbfb
-
SHA512
e36604981fda20a06ff647cba2e750e6182c0a52eaad7266f44f7f391094841ba844b94ac851957d2203ec54b5fc89d6865f22d829511b9927c57d4f1296e6da
-
SSDEEP
196608:hJrzUtnLdNERjB6yM+KriWRMCTktEIoAOm:LrzUJR6pBRqrikktWA/
Static task
static1
Behavioral task
behavioral1
Sample
IPlookup.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
IPlookup.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
stub-o.pyc
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
stub-o.pyc
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
IPlookup.exe
-
Detect ZGRat V1
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Executes dropped EXE
-
Loads dropped DLL
-
Target
stub-o.pyc
-
Size
74KB
-
MD5
5fb03b19062e84186da7cc0fbe5a200f
-
SHA1
b5e91226f94e769578e025383cccc338c571e326
-
SHA256
c2ddeb4703d9ff08678403ef4f7887f366a40f7280f7b6cc809e7af0453c9ee0
-
SHA512
2cd82d37c0b88a0d287c4f8aa45e3b045008a3b64f42946fc43dfa43625e2155764c82962870bf7d891d8f66496667d23e766bb2ef3af8413c241cb5b9cf21e1
-
SSDEEP
1536:EskXjjs103YkbECu5TyEP6s6zojuE/fOvlQey0JzwTWfhAjw9QV:Es6sXkMgvMjuAfqlQChwpjwKV
Score 3/10