General
-
Target
299deba70c83f2069cb7cac52da7953bff6c6d15043aba4c10c98801f3388005N
-
Size
6.8MB
-
Sample
241003-dqjensvhkf
-
MD5
9fa9e8da0413487aebbc8f95dd0fe450
-
SHA1
07abbdd14762a5548e30fb25182ee102b52c84d0
-
SHA256
299deba70c83f2069cb7cac52da7953bff6c6d15043aba4c10c98801f3388005
-
SHA512
300389a022760753439476f1caa3c5cbeba2c087fc30a9fd3456627e1d761e3ce19b9fa17f9e4798b83a54f74ce45292a30a0e1f16b7052543072833e91a0ba5
-
SSDEEP
196608:JOV1ZZB6ylnlPzf+JiJCsmFMvNn6hVvTs:IZBRlnlPSa7mmvN+rs
Behavioral task
behavioral1
Sample
299deba70c83f2069cb7cac52da7953bff6c6d15043aba4c10c98801f3388005N.exe
Resource
win7-20240708-en
Malware Config
Targets
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-