General
-
Target
eL9iw2JX9kSovRbsX.exe
-
Size
17.3MB
-
Sample
240525-mazw6adg73
-
MD5
324a67ac858c92753c577dcc8656876b
-
SHA1
152ec94737908108c7b1ccb7e41ffd5742dd16e1
-
SHA256
3034a99441bec34b73687ea1ee396d84029be66a2036571480442b1e154533b9
-
SHA512
d5cf19d4f50f19a270869ac0a5bbd8b37e5cb3d290c391ae8d3b859ed1cf9a5413e380f5f37171d0eed5310350f1ec1c62efe36c007b350fd496906e9c139da6
-
SSDEEP
196608:+C1Fih8Fpji0sKYu/PaQdXGn934usUR3ElCHPIeNABFJMIDJD5qgsAGK5SEQRrqz:bLFmQdXGmm0EKFqy4gsfNYgYPw1TXC
Malware Config
Targets
-
Target
eL9iw2JX9kSovRbsX.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that Defender skips them (defence evasion).
-
Drops startup file
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
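The signatures above describe behaviour but not how to check for it. The following Python is an added example, not part of the sandbox report or its tooling: it runs three of the listed checks (Defender exclusions added via PowerShell, a file dropped into a Startup folder, and an outbound lookup of the external IP) over a constructed event stream. The event shape, the sample values and the watchlist of IP-lookup domains are assumptions; the report does not name which service or paths the sample used. The PowerShell check accepts abbreviated parameter names, since PowerShell resolves any unambiguous prefix such as -ExclusionPa.

```python
import re

# Constructed sample event stream in a simplified sandbox-report shape.
# These values are made up for the example; they are not taken from the
# report above, and the event format is an assumption.
EVENTS = [
    {"type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": ("powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "
                 "\"Add-MpPreference -ExclusionPath 'C:\\Users\\Public\\svc' "
                 "-ExclusionExtension exe,dll -ExclusionProcess 'svc.exe'\"")},
    {"type": "process", "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"type": "file_write",
     "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.lnk"},
    {"type": "file_write", "path": r"C:\Users\victim\Desktop\notes.txt"},
    {"type": "network", "host": "api.ipify.org", "port": 443},
    {"type": "network", "host": "www.microsoft.com", "port": 443},
]

# Only Add-/Set-MpPreference change Defender preferences; Get-MpPreference is read-only.
MP_WRITE_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)

# PowerShell accepts any unambiguous parameter prefix, so match -ExclusionPa*,
# -ExclusionE* and -ExclusionPr* rather than only the full names. The value is
# single-quoted, double-quoted, or a bare token (possibly a comma list).
EXCLUSION_RE = re.compile(
    r"-Exclusion(Pa\w*|E\w*|Pr\w*)\s+"
    r"(?:'([^']*)'|\"([^\"]*)\"|([^\s'\"]+))",
    re.IGNORECASE,
)

# Per-user and all-users Startup folders share this path suffix.
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)

# Watchlist of public external-IP lookup services (assumption: the report
# does not say which service the sample contacted).
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "icanhazip.com", "ifconfig.me",
    "ip-api.com", "ipinfo.io", "checkip.amazonaws.com",
}


def defender_exclusions(cmdline):
    """Return {"path": [...], "extension": [...], "process": [...]} for the
    exclusions a command line adds, or {} if it does not add any."""
    if not MP_WRITE_RE.search(cmdline):
        return {}
    found = {"path": [], "extension": [], "process": []}
    for m in EXCLUSION_RE.finditer(cmdline):
        kind = m.group(1).lower()
        key = "path" if kind.startswith("pa") else "process" if kind.startswith("pr") else "extension"
        raw = next(g for g in m.groups()[1:] if g is not None)
        found[key].extend(v.strip() for v in raw.split(",") if v.strip())
    return {k: v for k, v in found.items() if v}


def is_startup_drop(path):
    """True if the written file lands in a Windows Startup folder."""
    return STARTUP_RE.search(path) is not None


def is_ip_lookup(host):
    """True if the host is, or is a subdomain of, a watchlisted IP-lookup service."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IP_LOOKUP_DOMAINS)


def triage(events):
    """Run the three checks over an event stream; return (signature, detail) pairs."""
    findings = []
    for ev in events:
        if ev["type"] == "process":
            exc = defender_exclusions(ev.get("cmdline", ""))
            if exc:
                findings.append(("Modifies Windows Defender exclusions via PowerShell", exc))
        elif ev["type"] == "file_write" and is_startup_drop(ev["path"]):
            findings.append(("Drops startup file", ev["path"]))
        elif ev["type"] == "network" and is_ip_lookup(ev["host"]):
            findings.append(("Looks up external IP address via web service", ev["host"]))
    return findings


if __name__ == "__main__":
    for sig, detail in triage(EVENTS):
        print(f"{sig}: {detail}")
```

On a live host the same exclusion check can be cross-checked with `Get-MpPreference | Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess`; the command-line parsing above is useful for PowerShell script block logs and EDR process telemetry, where the exclusion values reveal which dropped paths and binaries the sample wanted Defender to ignore.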