General
-
Target
svchost.exe
-
Size
12.0MB
-
Sample
240528-sbekhahf4z
-
MD5
48b277a9ac4e729f9262dd9f7055c422
-
SHA1
d7e8a3fa664e863243c967520897e692e67c5725
-
SHA256
5c832eda59809a4f51dc779bb00bd964aad42f2597a1c9f935cfb37f0888ef17
-
SHA512
66dd4d1a82103cd90c113df21eb693a2bffde2cde41f9f40b5b85368d5a920b66c3bc5cadaf9f9d74dfd0f499086bedd477f593184a7f755b7b210ef5e428941
-
SSDEEP
196608:HWweM4sJFPpGAjMGhuPD5U4iDfyGgVwBdnpkYRMoSENsS3Mcj0kilsl:0SP8AxYDMDfDgVc6J4pMcj9Wsl
Behavioral task
behavioral1
Sample
svchost.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
svchost.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
svchost.exe
-
Size
12.0MB
-
MD5
48b277a9ac4e729f9262dd9f7055c422
-
SHA1
d7e8a3fa664e863243c967520897e692e67c5725
-
SHA256
5c832eda59809a4f51dc779bb00bd964aad42f2597a1c9f935cfb37f0888ef17
-
SHA512
66dd4d1a82103cd90c113df21eb693a2bffde2cde41f9f40b5b85368d5a920b66c3bc5cadaf9f9d74dfd0f499086bedd477f593184a7f755b7b210ef5e428941
-
SSDEEP
196608:HWweM4sJFPpGAjMGhuPD5U4iDfyGgVwBdnpkYRMoSENsS3Mcj0kilsl:0SP8AxYDMDfDgVc6J4pMcj9Wsl
Score8/10-
Contacts a large (1299) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-