General
-
Target
N.E.T.exe
-
Size
18.0MB
-
Sample
240527-v5tbvsbg6w
-
MD5
6302b3d67260b4f7c8070b57ce5d68f7
-
SHA1
023506ac0f643a879191b9ffc4a58a7d00688f61
-
SHA256
c216a1902fa1858bf18e193bb4e3710bbd3970095ec3579ff9b6813ff0b6b91e
-
SHA512
b375986168fae78a86501eb65c1d21151ece6437c895ff873e4bb4f1c22e1d924c98172010c57248b344be0d26a24a9d7c78a094fa9da267b0948521902fa494
-
SSDEEP
393216:c/OL3/dqqY4gP8AxYDX1+TtIiFYY9Z8D8Ccl6ln+E4UK1hAYEuK+:jsD4bX71QtIDa8DZcIl+t1jK+
Malware Config
Targets
-
Target
N.E.T.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-