General
Target: SchooiCleaner_1.0___.bat
Size: 3KB
Sample: 240714-qjdl3a1hrr
MD5: 465174459f8c6f3adb38ff015e8dc808
SHA1: 8623ed6b17f5d17ffa00a162b1c5f7a784af7eb6
SHA256: 4361ee39760d6451345a135dbb6845f2f17ddab9b1eb6c141c6cd37745b160c4
SHA512: f2a9c82f3b79f5d103e1dd485144f504dc468e626510b6b3b6e3004a667c0110a35eb2e9939b9697f4474de8a9c62457bfb03640193f5a462f10f44c0ac7b9d8
Static task
static1
Malware Config
Targets
Target: SchooiCleaner_1.0___.bat
Size: 3KB
- Blocklisted process makes network request
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.