General
-
Target
ketamine.exe
-
Size
25.8MB
-
Sample
240701-m9sl5a1fkn
-
MD5
7b513480b32c6038e61413461664063c
-
SHA1
e12e1f035da33f435ac5723e59502f2a0a4345de
-
SHA256
b69a4fef963a0d91d405a3f2094581ef22bfe0e6aa0c67a10eb560a683f6e606
-
SHA512
b16c36a2bf5587c8b72ec2ff56e20f3b09d1880d6592ce83f9f7442ce1705f7b553c314f2890a7fc1a47c0d0675d7836602d0600ef2627ade83432d9852d3655
-
SSDEEP
393216:to9DM45UUDtSJurEUWjagZewBm6bjHTw6:S9N6cYdb9ZewBmUHJ
Behavioral task
behavioral1
Sample
ketamine.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ketamine.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
ketamine.exe
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
ketamine.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
ketamine.exe
Resource
win11-20240611-en
Malware Config
Targets
-
-
Target
ketamine.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops startup file
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-