General
Target: ñape.exe
Size: 25.7MB
Sample: 240526-ya3tlaab79
MD5: 7051a08c6f42b5832e9b7b366d22aed9
SHA1: c4856f9119b010bc52ea994e35b3cb3d49fae4dd
SHA256: b0f8a28363609b60ed20888564b25854ebd2af5fd46331fd92f7c56dd670930f
SHA512: 71cc3bb45756ed7a0f79e4b56d32b3fae375b60f5edd3b5120dc456738700c640429d6a16213d4bc20c869dffdc705585484efd924e3aca0c9ac8ee720295fd7
SSDEEP: 393216:cFo9DM45Ct55L1V8dkurEUWj+rMDEGPKkIbuK+:l9NMXRndbmMD4k1K+
Malware Config
Targets
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.