General
-
Target
patchnewworking12.exe
-
Size
69.0MB
-
Sample
241108-2gdptszrc1
-
MD5
8f8c1589ecc8abdafaf464e2a841db92
-
SHA1
ba82bf07804227b26813ac9a7324685d909d15c8
-
SHA256
6b6d80db6681156d8062094052e39fa6c789f149dab5994de376201a80525f01
-
SHA512
9d3969cf5b4c038920b8e8f4c7d217bf2a49d0dd7864c735b64dba395177bf096127b6b71582615e1438b4033f7448b8f65fffcf06158c32477034c15b7fac2a
-
SSDEEP
1572864:C+dQcWmE3hr+LX5WJoWbgWRSgkNOXWxtQSNDC3yxprMuzIy6R+R:C+d9DYr4X5M3gbcKCz3qMuzwR+
Behavioral task
behavioral1
Sample
patchnewworking12.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
patchnewworking12.exe
-
Drops startup file
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-