General
-
Target
fixed.exe
-
Size
23.4MB
-
Sample
240606-rqc5jsgc64
-
MD5
6d1696528ee9e5d75759f85d22059034
-
SHA1
50fba881accd0f35fd5713cc58ec165b94478d3b
-
SHA256
03a38e819632cf8fd4150a1b5c5fb67aba14b6dbe92d235d53b428f63e497fae
-
SHA512
58ea15a318be77fe5d11a5fc78d0f67d2748ea79c00e4550b66d3f52e33e6608c9bd73938165bea28a7380f4fa72c53f0a499a559caab691944022398c49b795
-
SSDEEP
393216:2h9SCD5/7XfAh2Jp5MLurEUWjZEnBSVkRIrY874hxjEh01tLKyh/R/X8WjC+da:w9fh7YhpdbwzcY874j91NKyJRkeC+da
Behavioral task
behavioral1
Sample
fixed.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
fixed.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Drops startup file
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-