General
Target: F0RMULAR10_5403797_IWP6.zip.zip
Size: 3.6MB
Sample: 201121-ktz427mndj
MD5: b82073bb61200cb0dc358d664abf89bd
SHA1: ef31407463199705a282c11b579efc1bcb4c7ae0
SHA256: ffe38b484df3b5fc6fe199474e9426773d2d424637e3714f2c6f64518e6aa4db
SHA512: 0f229378d2cb850f9f786809a946e7880c1ecef00fc6d28ccdedffb829ac599a4dea03b84ef85966a18245f213cb96457cc9d17f8ace4483af264c19e08724da
Static task: static1
Behavioral task: behavioral1
  Sample: 534867_DOCTOURElC.msi
  Resource: win10v20201028
Behavioral task: behavioral2
  Sample: 534867_DOCTOURElC.msi
  Resource: win10v20201028
Malware Config
Targets
Target: 534867_DOCTOURElC.msi
Size: 9.8MB
MD5: bf69b794fe2b921f1cbafd3ec1e6c733
SHA1: 22464766695801e76be5b86978a57c3d7bc3c9be
SHA256: dacf7e5ad5c8d564f185a961faa76018f2ba3c43dfcda03b33546bbbeb78d9fc
SHA512: b33a8d903fe6e474424b3c0a1212b10df35cfb4784c9289f29b4f408b530c936c8c7a14b8dc213fd983668e368997fd932131b07334c41bd2d3129cefc383b46
Score: 9/10
ServiceHost packer
  Detects ServiceHost packer used for .NET malware
Blacklisted process makes network request
Loads dropped DLL
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.