General

Target: DripLite.exe
Size: 22.6MB
Sample: 240525-1x6vwacf29
MD5: 29b37ee7f2e4f83f5a9151c76d78c38c
SHA1: 1f90143516f42b1b4a9ba9554b9a4ca8944b9e42
SHA256: 3c4f8fcd2f82e81b62149ec02a9db9fe414e643b36259abfd9fd1ccc34c9d191
SHA512: f6a9e6db96f4caf219669d3595e146fb6b7117377bc8a4e863708f8ff0d357928a060d5e6ae3ed6de7f3709d199c57b4a6f7605ce68d7f25be0593254a03ccd0
SSDEEP: 393216:uo9DM45Cto5L1V8dkurEUWj5EnBSVkRIrY87FNwrMiE1PcZYE9buK+:P9NMgRndbQzcY87FyMiRYEEK+

Behavioral task: behavioral1
Sample: DripLite.exe
Resource: win7-20240221-en
Malware Config
Targets
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Drops startup file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.