Extracted

• • Target

    exemplo459fbc0f20c9045a899b085983.zip

  • Size

    5.6MB

  • MD5

    a3f818d64708a7bf5f82809acda5579e

  • SHA1

    d3c28af7d8423ddc64cdad2b5cd3430cf4f33ce9

  • SHA256

    4fedd17750adc78d747167049a76373a224a0436c6f7e18307201478f426e27b

  • SHA512

    14eb85663cc4c4bcffb66abb80a4d215056afe418b6c3be37d029baf03289de5b348204702e2a8e18348fd9699622c4d97762ad6fdc1575bbe6cf6148176e70b

  • SSDEEP

    98304:kXgV0QGdFGiYiVdRHGDG3OgGL78hXmHaBCTcjWYyNbHYdk4ioU03GOPQnl6P+urm:kQmCDQOzH8hXQa8IjmbHYu4ioZ3HIl6o

  Score

  10^/10

  executionpersistence

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1