General
-
Target
ohio.exe
-
Size
14.0MB
-
Sample
240527-x7tfragd37
-
MD5
6f9ebb81244ab2838848b9598bb9fcf4
-
SHA1
4aac71ef6dbe20cbcba04036f43b34c6983ba636
-
SHA256
4f89131443219f07ab594514fa7f6f339077ad0017dfd0af044b10e7aec43428
-
SHA512
5ea86991058d7450e2762a4293cb62bd6eceed1dde79df2d837139a38e79cd9b970c93fb408a41bc000e78bdb4bc53285b08af3c968d2e875ac424837c77e970
-
SSDEEP
393216:No9DVuMu8cTOjh2Jp5MVRHd82nsDVCQRFtlqV0NAE4S1Uo0J:y9puJYhXFiVFtlRmE2
Behavioral task
behavioral1
Sample
ohio.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
ohio.exe
-
Drops startup file
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-