General
Target: Haze.rar
Size: 17.5MB
Sample: 240524-eb4bzabh76
MD5: 79f03cfb0588215dcb143b20f4e03346
SHA1: f18b5b3ce8f4b7da0508716e1784ee9aabd78c48
SHA256: 211279864784c499a69a429e4010827331f1be698213f6b0d29fb7ce805e1375
SHA512: 77842d6b48e8a69b4af059d0b9bb5b83ab2a0f540106273eb13b16485970349141ab16936e7c3809b386bcd3e314932cf8571acfe930e8032f47de8de9256a62
SSDEEP: 393216:2zxrsUUrhi7J4M7ZY2s7kKk1LAm3sMPsSp7V2HZn7J0z50ivkF7ylz:2zQ87f7w7bkCeH3MHZn90z5pklyR
Behavioral task: behavioral1
Sample: Haze.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: Haze.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: Haze.exe
Size: 17.7MB
MD5: 8627599746ac77ec879f08695bb29009
SHA1: 7fbef9cdafc5fd20498ec04329ad406c3f868ed5
SHA256: 188fe590c4fa1271d92ed50ae48ac42a5124173fcd999713812178830fac7230
SHA512: 131010124f03990e7e407cd247c8f5d776d7f6115eef35f09d22e3c2b836eef2cb56e3c3ca891c234413275ecc04dfaa31a6d861d121a366acb2391c0b406d2a
SSDEEP: 393216:9qPnLFXlrSQ8DOETgsvfGFIgLdvEyruZ/Tq:EPLFXNSQhE/ky3m
Score: 7/10
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.