General
Target: Oracle.exe
Size: 17.2MB
Sample: 240511-g3yxnsab4z
MD5: c9913cbcaa6bdbf0a567f4a5c2921520
SHA1: f36f7f8042120141fd1d131c69b60e2834c45de0
SHA256: 714a503eac2735230d0d481b0519bd91832c1a728e50fcf3c98269d8a8a06ad4
SHA512: b8ac9155df5da7500a9dfaac8f8e8a4507019bc63c71c30cea91d9dc2a07e70c3ee21caddc58bc1ce3651d7511f1eaa31ecdffdddcff313558858c0d3276e376
SSDEEP: 393216:m77TN3Vw8v90+5gDkj5L1V8dXurEUWjsrzbEkPKkvbuK+x:SwK9PvNRkdb8zbIkSK+
Behavioral task: behavioral1
Sample: Oracle.exe
Resource: win10-20240404-en
Behavioral task: behavioral2
Sample: Oracle.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: Oracle.exe
Size: 17.2MB
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.