General
Target: l.exe
Size: 17.7MB
Sample: 240707-3dkveatdlc
MD5: 97d0b0eb410c575ef020db2f7dae77d8
SHA1: dd0795ccc99338c77ffbff2331663e5cc50104f3
SHA256: c256d7f8fb7fe29a44aaac1657d21af416ff948eea9248d5cd4a0e8351b87d4d
SHA512: 8992e444fa763f780b7b983b9e4caf9a3f444d185cf3ce47b0fe69476f9b48c46294d58f671c7a2b9ecdf8ae7ca8a17f9a5696cf36b44c8cb5218483bf204c62
SSDEEP: 393216:xqPnLFXlrSQ8DOETgsvfGAgL1vE011g3wq:YPLFXNSQhEFkqAgp
Behavioral task
behavioral1
Sample
l.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
l.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
-
Target
l.exe
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)