Resubmissions
18-12-2024 13:38
241218-qxpaqasjdp 1016-12-2024 22:41
241216-2mav5atjep 1016-12-2024 21:41
241216-1j6yqa1rcq 1015-12-2024 17:37
241215-v7bvla1nax 1014-12-2024 18:17
241214-ww5tzazpat 1013-12-2024 18:30
241213-w5q26synfm 1012-12-2024 23:52
241212-3wsb7s1ra1 1012-12-2024 16:49
241212-vb15lszpfv 1004-12-2024 14:46
241204-r492faymax 10General
-
Target
Built.exe
-
Size
6.9MB
-
Sample
241216-1j6yqa1rcq
-
MD5
2754fe0444a11859ce6814803daaa62c
-
SHA1
59193f0128f1649184a7f90283d31d891aa23a37
-
SHA256
125b51c996078282c7048d8959fff151b7fa334b4381e74d4f98c4d335ab63c7
-
SHA512
4c9eb428a9223e6b370a771926bf0f6a35fddceb25fe7188cbdc164311fb821b620d073238cd19b0bfabd2c6b197cae35759b4767b176466b077c446a9155b58
-
SSDEEP
98304:o5DjWM8JEE1FdjamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFP:o50zGeNTfm/pf+xk4dWRpmrbW3jmrH
Malware Config
Targets
-
-
Target
Built.exe
-
Size
6.9MB
-
MD5
2754fe0444a11859ce6814803daaa62c
-
SHA1
59193f0128f1649184a7f90283d31d891aa23a37
-
SHA256
125b51c996078282c7048d8959fff151b7fa334b4381e74d4f98c4d335ab63c7
-
SHA512
4c9eb428a9223e6b370a771926bf0f6a35fddceb25fe7188cbdc164311fb821b620d073238cd19b0bfabd2c6b197cae35759b4767b176466b077c446a9155b58
-
SSDEEP
98304:o5DjWM8JEE1FdjamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFP:o50zGeNTfm/pf+xk4dWRpmrbW3jmrH
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-