General
-
Target
CT gorilla tag loader.exe
-
Size
49.2MB
-
Sample
240701-a51eysthjk
-
MD5
a5c3b47d44280a9982b42980c6a3e46e
-
SHA1
1475b5c78e598eb78a563d1cca8913f169bec260
-
SHA256
1d4207b882a289493382f3f550c29defd97e411c80b428289631b71bdd63d42c
-
SHA512
fd977b860fda0496defeb59a9cc32213ab6ae3edc02629cff4754d8abf28bdf15b2812c28cf2cbdcb4d6cc3956338a92abece45aceafe6f5a3a7aec0eda0aef0
-
SSDEEP
1572864:kfcQtIeb01Cpa8iIpz2qHWB75il+WBZo0Wi3DC3:qc+7paeR2qHO5izBW05zA
Behavioral task
behavioral1
Sample
CT gorilla tag loader.exe
Resource
win11-20240508-en
Malware Config
Targets
Target
CT gorilla tag loader.exe
-
Score
8/10
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Legitimate hosting services abused for malware hosting/C2
-