General
-
Target
Twitch-Patcheur-30.2.3-Windows-Installer.exe
-
Size
346KB
-
Sample
240817-xbpspatcqp
-
MD5
db9793f028e6bb71003f7d75673de99e
-
SHA1
03a31b6cb26c9e6deca14d2cc7e71f67bf61c986
-
SHA256
3b36c155ce5aa68a3100ad8337ba880b6a3f9facfd254531317fec0731db244d
-
SHA512
5dc8a769771c20cffa753e6bcf04fa5a7113ecef3b97818c924c2843f820b94746137285dc900d0508c15a1fe341624d996115bdeea398e4f4b1a34acee0c34f
-
SSDEEP
6144:xt5hBPi0BW69hd1MMdxPe9N9uA069TB4kOAF4fffNJmfg+O+j8kwCo1:xtzww69T+kHF4fffNJmfg+O+jfLo1
Static task
static1
Malware Config
Targets
Blocklisted process makes network request
-
Download via BitsAdmin
-
Modifies Windows Firewall
-
Possible privilege escalation attempt
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-