General
-
Target
svchost.exe
-
Size
8.2MB
-
Sample
241010-v4er3sxfla
-
MD5
d9635348204944c22dec269b86ce9cd5
-
SHA1
916c7c444d8acec78b5b16059685cbce42d493fe
-
SHA256
783fcaff4f9b6c7bebfe0587b5c486aff5de40e24880e117877e7f16355b2fe9
-
SHA512
9f147df30987868425b5355741c618c8b29bfbb92c32584bc983392ec055b7a82ee20ce5d699a1f758a1462875d8b21086302bbe18d0f74f598976201df81ca3
-
SSDEEP
196608:meuyqZMwfI9jUC2XMvH8zPjweaBpZ0cISEu2ooccXK7oS+:CJIH2XgHq+jq283Yof
Malware Config
Targets
-
-
Target
svchost.exe
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-