General

Target: 5604246ead9eb4b6ddd749a285e1bb3296f186988c3eb298964a3138cece1446.exe
Size: 26.6MB
Sample: 240516-3chzesea76
MD5: 67bd09879e6fe66763074091f57f3150
SHA1: 43825d37d0821a6a21aee73e30ecb71c04b14119
SHA256: 5604246ead9eb4b6ddd749a285e1bb3296f186988c3eb298964a3138cece1446
SHA512: 668d8048608bf31795fd743d34b8210d2a8b75b3e5c119acfa5d790e06aba0c06cc3f95f2b219879f80ea4201de89d04e99255cda30d6ae0d3c7de3578fb3e88
SSDEEP: 393216:Io9D7E9QdXG45L1V8dJKFqy4gst0BPeiz+xy446iU:19cQPR4hveGYv4P
Behavioral task: behavioral1
Sample: 5604246ead9eb4b6ddd749a285e1bb3296f186988c3eb298964a3138cece1446.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: 5604246ead9eb4b6ddd749a285e1bb3296f186988c3eb298964a3138cece1446.exe
Size: 26.6MB
MD5: 67bd09879e6fe66763074091f57f3150
SHA1: 43825d37d0821a6a21aee73e30ecb71c04b14119
SHA256: 5604246ead9eb4b6ddd749a285e1bb3296f186988c3eb298964a3138cece1446
SHA512: 668d8048608bf31795fd743d34b8210d2a8b75b3e5c119acfa5d790e06aba0c06cc3f95f2b219879f80ea4201de89d04e99255cda30d6ae0d3c7de3578fb3e88
SSDEEP: 393216:Io9D7E9QdXG45L1V8dJKFqy4gst0BPeiz+xy446iU:19cQPR4hveGYv4P
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.