General

Target: OTPBOT.exe
Size: 10.7MB
Sample: 241005-zrdrgasejr
MD5: 9720bee076c6b3be6c9081d0af8178e4
SHA1: 739a71e1ca502a8ede612324820a8152a5b88763
SHA256: c2dfa035423fbd68e4630a2d1596fbbb3002457521c893e577d3cf82f0590bfe
SHA512: a11c5d41ef3bc4dadee36e6ad0df1dbd7aa160b05b3c1fec9657c9acdd67bb90c27e9ddffe81b8def26bf339df23becfd97bc55fe6a38ad4e8d500fd8238e737
SSDEEP: 196608:RqQQY3a91b1bOJ+ckTPpGAjMGhuPD5U4iDfyGw21X5Sp6GemDMPwuWPTw9ruTGgF:8Y3a1JPP8AxYDMDfDTpfaMPgcuvjQ
Behavioral tasks

behavioral1: OTPBOT.exe on win7-20240729-en
behavioral2: OTPBOT.exe on win10v2004-20240802-en
behavioral3: otpbotlocal.pyc on win7-20240729-en
behavioral4: otpbotlocal.pyc on win10v2004-20240802-en
Malware Config

Targets

Target: OTPBOT.exe
Size: 10.7MB
MD5: 9720bee076c6b3be6c9081d0af8178e4
SHA1: 739a71e1ca502a8ede612324820a8152a5b88763
SHA256: c2dfa035423fbd68e4630a2d1596fbbb3002457521c893e577d3cf82f0590bfe
SHA512: a11c5d41ef3bc4dadee36e6ad0df1dbd7aa160b05b3c1fec9657c9acdd67bb90c27e9ddffe81b8def26bf339df23becfd97bc55fe6a38ad4e8d500fd8238e737
SSDEEP: 196608:RqQQY3a91b1bOJ+ckTPpGAjMGhuPD5U4iDfyGw21X5Sp6GemDMPwuWPTw9ruTGgF:8Y3a1JPP8AxYDMDfDTpfaMPgcuvjQ
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Uses browser remote debugging
  Can be used to control the browser and steal sensitive information such as credentials and session cookies.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
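Four of the behaviours listed above (the PowerShell Defender exclusions, browser remote debugging, the external IP lookup and the tasklist enumeration) leave markers in ordinary process-creation and DNS telemetry. The following is an added example, not part of this report and not sandbox output, of triage rules for those markers run over constructed events. The process paths, command lines, parent-process allowlist and IP-lookup hostname watchlist are assumptions made for illustration; the report does not say which lookup service, browser, or command-line form the sample actually used.

```python
"""Triage rules for the behaviours this report lists, run over constructed
process-creation and DNS telemetry. Added example; not sandbox output and not
code from the report. Paths, command lines and watchlists are assumptions."""
import base64
import re

# Assumed watchlist of public IP-lookup services (the report does not name the one used).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com",
                   "ip-api.com", "checkip.amazonaws.com", "ipinfo.io"}
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}
# Add-/Set-MpPreference with any of the three exclusion parameters the report names.
EXCLUSION_RE = re.compile(
    r"(?:add|set)-mppreference\b.*?-exclusion(?:path|extension|process)", re.I | re.S)
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob (PowerShell accepts the prefixes).
ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
DEBUG_FLAG_RE = re.compile(r"--remote-debugging-(?:port|pipe)\b", re.I)
# Parents from which tasklist is routinely run by hand (assumed allowlist).
EXPECTED_TASKLIST_PARENTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "explorer.exe"}


def image_name(path):
    """Basename of a Windows path, lower-cased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_powershell(cmdline):
    """Replace an -EncodedCommand payload with its decoded UTF-16LE text so an
    exclusion command cannot hide behind base64; unchanged if nothing decodes."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline
    return cmdline[:m.start()] + decoded


def check_process(ev):
    """Names of the rules a process-creation event trips."""
    hits = []
    img = image_name(ev["image"])
    parent = image_name(ev.get("parent_image", ""))
    cmd = ev.get("command_line", "")
    if img in {"powershell.exe", "pwsh.exe"} and EXCLUSION_RE.search(decode_powershell(cmd)):
        hits.append("defender_exclusion_via_powershell")
    if img in BROWSERS and DEBUG_FLAG_RE.search(cmd):
        hits.append("browser_remote_debugging")
    if img == "tasklist.exe" and parent not in EXPECTED_TASKLIST_PARENTS:
        hits.append("tasklist_from_unexpected_parent")
    return hits


def check_dns(ev):
    """Names of the rules a DNS-query event trips."""
    host = ev["query"].lower().rstrip(".")
    return ["external_ip_lookup"] if host in IP_LOOKUP_HOSTS else []


def triage(events):
    """Return (rule, image) pairs for every event that matches a rule, in event order."""
    findings = []
    for ev in events:
        hits = check_dns(ev) if ev["type"] == "dns" else check_process(ev)
        findings.extend((h, image_name(ev["image"])) for h in hits)
    return findings


def encode_command(script):
    """Build an -EncodedCommand argument the way PowerShell expects it (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


SAMPLE_EXE = r"C:\Users\user\AppData\Local\Temp\sample.exe"  # assumed dropper path
# Constructed telemetry for this example; not recorded from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": SAMPLE_EXE,
     "command_line": "powershell.exe -nop -w hidden -enc " + encode_command(
         "Add-MpPreference -ExclusionPath $env:TEMP -ExclusionExtension '.exe' "
         "-ExclusionProcess 'sample.exe'")},
    {"type": "process", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent_image": SAMPLE_EXE,
     "command_line": 'chrome.exe --headless --remote-debugging-port=9222 '
                     '--user-data-dir="C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data"'},
    {"type": "process", "image": r"C:\Windows\System32\tasklist.exe",
     "parent_image": SAMPLE_EXE, "command_line": "tasklist /v"},
    {"type": "dns", "image": SAMPLE_EXE, "query": "api.ipify.org"},
    # Benign: an administrator inspecting, not changing, Defender settings.
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe", "command_line": "powershell.exe Get-MpPreference"},
]

if __name__ == "__main__":
    for rule, image in triage(SAMPLE_EVENTS):
        print(f"{rule:36} {image}")
```

Two caveats when using rules like these outside a sandbox: developers launch Chromium browsers with --remote-debugging-port legitimately, so that rule should be weighted by the parent process and the --user-data-dir pointing at the real profile; and the exclusion rule only sees the PowerShell cmdlets, so on a host you would still confirm with Get-MpPreference (ExclusionPath, ExclusionExtension, ExclusionProcess) and the Defender Exclusions registry keys that nothing was added by another route.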

Target: otpbotlocal.pyc
Size: 9KB
MD5: 2f2229f1c983738ed7e15cbe61e08c13
SHA1: 99e6852bf1ec3b14b1165d3cab80e99e4b94c09f
SHA256: 45820bb814081367987b110b3f1f3f10cd74ea028dfc9fca6ce5c93d80a8e9eb
SHA512: 981c56c910c533163de5b0fcca0278fdea20f17a17d95745b0ac9e8bd1b81c6649a08735821d953f58da0537975c0e6fdcb32777af5b63f85ec198aff97c567d
SSDEEP: 192:lQZxZmNYXiPJkDUn77777B77bTuC7Ic3sevCxJhtNWrmhoFDW:lQZKuyVyC13sIHrmhoFDW
Score: 3/10