General
Target: Lag_Switch_V2.exe
Size: 16.7MB
Sample: 240511-kwgxcsch66
MD5: e017de84589503abaad5669da6fa4011
SHA1: 474617635969a2d79896259bf367368a35725aa4
SHA256: 11d3b93f794e234ef5b44921b9dac12cbd87df652330bc20ba510d5c979fc3dd
SHA512: ac8954e5f53f76107a5fa96d0a48e65a422050190074860608371fcfe0d38cfe4d0fe8f1e8aa218b3e3f94583d9bd6c9fcd2fc02854775d0b6d0036364c2c599
SSDEEP: 393216:bWjv90+5gDkj5L1V8dXurEUWjsrzbEkPKkvbuK+x:qr9PvNRkdb8zbIkSK+
Behavioral task: behavioral1
Sample: Lag_Switch_V2.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: Lag_Switch_V2.exe
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.