General
Target: Hackserver.exe
Size: 6.0MB
Sample: 240603-lt5q3sbg85
MD5: 3ff2846552e4daf2ed1a57c942e6c4eb
SHA1: 2d7ff422879cc66b04736d3444c1c538d2673a9f
SHA256: 207d997deba4b3f52041bc9bfd2acccbc374a0ebac6347101b1d93eccb09adc0
SHA512: bdd44848bed91e9b40cd8b668900f43635558f219a6d1bb7231d06aeb44b5c26744c815a963ead944167a4a3f172dd7f94bd01e818bbaa1ad7bb9cb0f04cf284
SSDEEP: 98304:4SSEtdFBodamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RtBRjVAbB9:4S5FO4eN/FJMIDJf0gsAGK4RtBRjVs9
Behavioral task: behavioral1
Sample: Hackserver.exe
Resource: win7-20240508-en
Malware Config
Targets
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-