General
Target: Pollist.exe
Size: 768KB
Sample: 250506-kw8p3sbq6v
MD5: 934cb77c9520033ab31ae23852b43c03
SHA1: 642e2fb3a66810ad37804ea006bc00d3291ec04e
SHA256: efa391c33dd89d4fdd615ea206c807d928db1068e0d8132c68528046c5f377ab
SHA512: 5ac8c2d22164a06f26c52cd380fc053939f777a97cf63d3548985d0f90246aee2a189e3934863bca77e1301aa0b9c66bb1ae921d67c376d99aee875edf6bcea8
SSDEEP: 12288:uI8md7NV6SpUbKe9ponWuvsfte2TibtbMxB0HdraER/tK4s3r15i:vd7NV6SpUbKe9p1fhihM29R/ox3rO
Static task: static1
Behavioral task: behavioral1
  Sample: Pollist.exe
  Resource: win10v2004-20250502-en
Behavioral task: behavioral2
  Sample: $PLUGINSDIR/nsExec.dll
  Resource: win10v2004-20250502-en
Malware Config
Targets
Target: Pollist.exe
- Darkcloud family
- Guloader family
- Loads dropped DLL
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: $PLUGINSDIR/nsExec.dll
Size: 6KB
MD5: 143e45d5929ba564ba0c3a0773be76e6
SHA1: c7e108ad681dd19afc646a43f7ce757388653f57
SHA256: 8459feb67b7eb0caaaed607e0f36c8d4979abf1bad87e7f1c7c2b97c73174d6d
SHA512: 1114403b9af202396ffe32610e1160313ff22c488f87b4a8f771d14fda02a954af7beacad5655143dafdf0af9a76b2a0d5c121ef57819e0567c367578482f003
SSDEEP: 96:T7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkN238:0N8KgWAuLWxD8ZAGgmkN
Score: 3/10