General
Target: SCOOBY_Tools.exe
Size: 14.5MB
Sample: 240621-h7dyqsvdll
MD5: 35d2327168f2804b62f2d628d037b823
SHA1: 7162df40d12f34f646cbf3a935aa77efc0e4a29c
SHA256: 916f6668cd54fab847bd0858b75ac0b8ddc85d57d10fcbac61c3d566119280c8
SHA512: ccf367f6eaa88c882cc44028c707dc8ec2e8534793e51b473f9a789e14cdc2dde32fde50dd914bf3b7169951aa2c08d81a6eba87b665c09b6fe07eefad3ca5cf
SSDEEP: 393216:EmZZC/Bc9CDXRL3bYiG0plnzt3QA2iGkmkOqU:EmXIvJM6ln5QtDk8
Malware Config
Targets
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.