General
Target: riphook (2).exe
Size: 7.4MB
Sample: 240530-mxw4saeg3s
MD5: 6e082c9d8258bb23108a6349d2d123e4
SHA1: f5d8fc4974f1eda4684f5fca26573d13bccd7529
SHA256: 430fab6f59a932ebf6fa93266d2c90c43d8dd6bc2fc9d2939b16320cca1ae3fa
SHA512: cc22f875a13b8a05ca44645a2db9d25af08b340bfffd46952b2a365dcd0081783ba63290f40c9386fcb7b3a98afe7ee2d2c8ead46c9fabfe2ccbd8d371288953
SSDEEP: 196608:7rXnYS6FLOshoKMuIkhVastRL5Di3uh1D7Js:XYSMLOshouIkPftRL54YRJs
Behavioral task: behavioral1
Sample: riphook (2).exe
Resource: win7-20240221-en
Malware Config
Targets
Target: riphook (2).exe
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.