General
-
Target
RipHook (1).exe
-
Size
14.2MB
-
Sample
240522-mw5pjacc9t
-
MD5
f57516c2d62574b08aa1f7e6118854d1
-
SHA1
20d7242b2962030cfd84a8e555076fb9115907e7
-
SHA256
d162356510fdaf7beaea1f6f244e53fcaac0266aba4c79d6e04b2a9952c954b0
-
SHA512
a8dd76399bada01f552a68131c1cd1bd0d6cfcc95c28de299a2daa47e43d3579098128624154c612d4fdf92a09bb64e485e6b68d44c6af484c92fd362c3ff5f0
-
SSDEEP
393216:sOL3/dydvVnwW+eGQRZMTozGxu8C0ibfVc7xkxemRS7ZWDOu:Z8dvlwW+e5RsoztZ0qcq8K+wl
Behavioral task
behavioral1
Sample
RipHook (1).exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
RipHook (1).exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Target
RipHook (1).exe
-
Score
7/10
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-