General
-
Target
LeagueFVM_2.2.exe
-
Size
22.2MB
-
Sample
240603-a3s8vsda8x
-
MD5
323c5554ba396eafe23a462f96db6b0e
-
SHA1
e094035104e30f8ee8963a8d671301fa53269d93
-
SHA256
54e11d707eb6904fa1f3262b461a12bf5e4040c71ed155a58d68b1e2f7a2a93e
-
SHA512
f466e21ec60bda298392076b27fbc314b0c72e193bde3c7a36c0139b488556f238fa085a811369ce0bda7575ab02e33dbca469c893de4ff7d2dcb183d4acf64e
-
SSDEEP
393216:VEkQLQtss27vCJWQsUcR4NzQW+eGQRg93iObIhRS/PcLprpJnU6oHd85Tv/:VYQts5CYQFIW+e5R49MhR+cV9lEy5T
Malware Config
Targets
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to get system information as a root user.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-