General
-
Target
BookLot.17.2102.1pawk.exe
-
Size
69.7MB
-
Sample
210421-zzmcha2yex
-
MD5
262dbc70f4b9486ac7b7fcd6d3461a45
-
SHA1
895c8588764e11e410921928d10784771744f1a1
-
SHA256
ed9e5b3986147c79fff860e2fe5597cc2f34762adc8c84000c8734b8fb0dc808
-
SHA512
fa3bede3ed0fbf2a701b2d9ac68a9e2e4d726e05913ea375d15ffef3a0a3c439957eb358b0ebcb79c9b608921bce69e87ae575ab7a56dc36c0773360b25b7bce
Static task
static1
Behavioral task
behavioral1
Sample
BookLot.17.2102.1pawk.exe
Resource
win10v20210408
Behavioral task
behavioral2
Sample
BookLot.17.2102.1pawk.exe
Resource
win10v20210410
Malware Config
Targets
-
-
Target
BookLot.17.2102.1pawk.exe
-
Size
69.7MB
-
MD5
262dbc70f4b9486ac7b7fcd6d3461a45
-
SHA1
895c8588764e11e410921928d10784771744f1a1
-
SHA256
ed9e5b3986147c79fff860e2fe5597cc2f34762adc8c84000c8734b8fb0dc808
-
SHA512
fa3bede3ed0fbf2a701b2d9ac68a9e2e4d726e05913ea375d15ffef3a0a3c439957eb358b0ebcb79c9b608921bce69e87ae575ab7a56dc36c0773360b25b7bce
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-