General
Target: $RPAIWC9.exe
Size: 18.9MB
Sample: 240630-1v8axszfmp
MD5: b68a3093e0f77802255c0c21ab540b7b
SHA1: 762d66d54be02964d5e8ab4dc2695d66fe484c6a
SHA256: 66954378817928c48d4296a2b7bb60e7a899a5a18529b43cf35a64196e3ed754
SHA512: 4ff87677faf9903c86d9cbfc73e5972b88a922682797e358c83b916aa5681b0063e2c748076c1b3f6f9b99e169da4c0fd8cefc3e3c7b2c6203edba647a953a4c
SSDEEP: 393216:3xAlniYXPu8BRq/m3pznlPSF3VqevE8LzdChd1lr:OliYXP5qKznlEqescsl
Behavioral task: behavioral1
Sample: $RPAIWC9.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: $RPAIWC9.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: $RPAIWC9.exe
Drops startup file
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.