General
-
Target
hilolxdbyelol.exe
-
Size
16.6MB
-
Sample
241110-mmdvfsyjen
-
MD5
276f1434179e8a4ca328ac83b1c0ac90
-
SHA1
cd71b687b28b33e03e8a33e6e4195f678fb92bac
-
SHA256
7f75acfee97ad747da00d55e837a14d9fa9104f6f14a1a73f6537f61f48a172a
-
SHA512
785d8f321add743b6e44af72a15fdc434f7502249f4d155cfd0f73be7fe588ea1cfa272b94ca020d0b090638e54a5e7278c92f5b66bf7689e1ae73c3ae60d26f
-
SSDEEP
393216:x1F8ZXjBkteDLP+TebZqRDqOKeqbu5tCv6rsKy/pWu4kRlUy2tyZ:xXkXSeDT+mqBqOKeyu5tCWty/pWkZ
Behavioral task
behavioral1
Sample
hilolxdbyelol.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
hilolxdbyelol.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
hilolxdbyelol.exe
-
Score
8/10
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-