General
Target: improved tweaks.exe
Size: 65.5MB
Sample: 241030-1ec5vasqhl
MD5: 780ffa5e6f779c4202704a0b14b33037
SHA1: 6fff3d62e6bd900752d27047d348bb3c3235d055
SHA256: 809e37aee4ef5186d3165f513b92aaeca5a389acb6c54639f974d2b0145e5d65
SHA512: 36528933a2ce78b45db2305edc1fcbf4fa567eeafbc579aa4dea89828bfb385c6c85142161b351f8a690a466c8b65bd22d725d74a5791247a522c011a1842123
SSDEEP: 1572864:xQ9zMLX5WJoWbgWRSgkNOXWxtQSNLiIc3yxpydO6nKjZ+Kp:xQ8X5M3gbcKCmc3h46AN
Malware Config
Targets
Target: improved tweaks.exe
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.