General
-
Target
hwidspoofer.exe
-
Size
6.7MB
-
Sample
241003-yalv3ssgpq
-
MD5
19d636449105fa030e4061d229f41c56
-
SHA1
dbe91c3e57ae6a6c174ae6320d6f80e906fcf406
-
SHA256
4bc28c0b151c9a2d05ba9b395b3319993e8b58269cec7f1a7f9ab933678f988c
-
SHA512
2dcaca793d5497d7e611f0cd8cc7aaac5214ebce4ef1d3ffdb63d70fefff8b0da93662f5a4ac89939f80077fd255ffca97c01582898e6eebbe27eed6d6534dd8
-
SSDEEP
196608:8AFh+eN/FJMIDJf0gsAGK5SEQReuAK0//I:NB/Fqyf0gsfNZAK3
Behavioral task
behavioral1
Sample
hwidspoofer.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
hwidspoofer.exe
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-