General
Target: Toxinware.exe
Size: 46.7MB
Sample: 240510-mmdjpahf21
MD5: c9bca83898ffecbc976cf8d4e486e3dc
SHA1: c59533d551441b0eb617e8060768555f004a13e1
SHA256: 604e116a9bb85c08a7e82dca901d330f7b49188b68b01c159248917a50f03b83
SHA512: f1f03db18813dbd7a746f22ac2ffe30a2533ada3604269797af6fde97debeb70ce6a780219c4248ecaac1c42bf7a871b7eff61688c07388478e4ff61d3aab77a
SSDEEP: 393216:XDna3FQtsMr7M5lin1+TtIiFP/IjcAHiS26YxoroFWF452:X21Qtse7M5lq1QtIi/IdHrWxoeV5
Behavioral task: behavioral1
Sample: Toxinware.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: Toxinware.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral3
Sample: Toxinware.pyc
Resource: win7-20240221-en

Behavioral task: behavioral4
Sample: Toxinware.pyc
Resource: win10v2004-20240508-en
Malware Config
Targets

Target: Toxinware.exe
Size: 46.7MB
MD5: c9bca83898ffecbc976cf8d4e486e3dc
SHA1: c59533d551441b0eb617e8060768555f004a13e1
SHA256: 604e116a9bb85c08a7e82dca901d330f7b49188b68b01c159248917a50f03b83
SHA512: f1f03db18813dbd7a746f22ac2ffe30a2533ada3604269797af6fde97debeb70ce6a780219c4248ecaac1c42bf7a871b7eff61688c07388478e4ff61d3aab77a
SSDEEP: 393216:XDna3FQtsMr7M5lin1+TtIiFP/IjcAHiS26YxoroFWF452:X21Qtse7M5lq1QtIi/IdHrWxoeV5
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: Toxinware.pyc
Size: 50KB
MD5: 989b7bfb86b86dd20bfa8ea62e3ee67f
SHA1: b31143428835a6f78b75bcddff13dfa95d695a89
SHA256: 030a44e9da0932adce88a2fdf9767b7e6174b69b572d9c586c16ce2d71dc04a9
SHA512: 306da6339176730d53d70ff264557b9ae5aa01c59034ce698147ca3902908feaeac02ab9f2dad5c432629632330cd2f2a236d1ce4ad6160cb3f08ec5ff28d039
SSDEEP: 1536:t9MWlNC+//7de2kaw0gF8YUHPlHM0jMZDlhLxwUSgeC:vNCEE5a5P9M0j3UaC

Score: 3/10