General
-
Target
Ewpeloxttug.exe
-
Size
2.2MB
-
Sample
241130-bv85sazqdq
-
MD5
23c8cb1226c61a164d7518218c837b81
-
SHA1
45ea74832e487bacb788189c04661b29a71e86b5
-
SHA256
21aaa5319a6729df0581203a0782ead837b848387e44cd1844ca8e19882a50af
-
SHA512
8e219108c05966ec8ee6bc2ce2fb40c4aedce6614e65970c356e4f840e88720188c762aaa4451c2f5f1fa1bbc14136ecbcd1f4c9f3b1a5fccc0ab053a37bcc21
-
SSDEEP
24576:wqDdns3FYYhWxL3rc/+rhm+qx6GuQ5qGPVmTy9xMNWgJ/AICqQ9pEsePeHMSPs2f:1iD
Static task
static1
Behavioral task
behavioral1
Sample
Ewpeloxttug.exe
Resource
win7-20240903-en
Malware Config
Extracted
systembc
claywyaeropumps.com
178.132.2.10
-
dns
5.132.191.104
Targets
-
-
Target
Ewpeloxttug.exe
-
Size
2.2MB
-
MD5
23c8cb1226c61a164d7518218c837b81
-
SHA1
45ea74832e487bacb788189c04661b29a71e86b5
-
SHA256
21aaa5319a6729df0581203a0782ead837b848387e44cd1844ca8e19882a50af
-
SHA512
8e219108c05966ec8ee6bc2ce2fb40c4aedce6614e65970c356e4f840e88720188c762aaa4451c2f5f1fa1bbc14136ecbcd1f4c9f3b1a5fccc0ab053a37bcc21
-
SSDEEP
24576:wqDdns3FYYhWxL3rc/+rhm+qx6GuQ5qGPVmTy9xMNWgJ/AICqQ9pEsePeHMSPs2f:1iD
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Systembc family
-
Drops startup file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-