General
Target: geris.exe
Size: 634KB
Sample: 210507-amdbrsfrxs
MD5: 07407178322efcd6b0622a631f55ebec
SHA1: 5a65257913637b2028fd765ec8991ccbe5f360ff
SHA256: e9e0c736b44df5d974c2f8d778871c8df70d96062c22ce98c9f955f2eedd10b6
SHA512: d5293e223376eb6bb711dbb15e94cbb352127660da9a5c7542ace70ffa8a79a150308ab0cc4d32291685294b320ff6cbf3009bcbb4c2156c970e71d9137c4ced

Static task: static1
Behavioral task: behavioral1
Sample: geris.exe
Resource: win7v20210410

Malware Config

Targets
Target: geris.exe
Size: 634KB
MD5: 07407178322efcd6b0622a631f55ebec
SHA1: 5a65257913637b2028fd765ec8991ccbe5f360ff
SHA256: e9e0c736b44df5d974c2f8d778871c8df70d96062c22ce98c9f955f2eedd10b6
SHA512: d5293e223376eb6bb711dbb15e94cbb352127660da9a5c7542ace70ffa8a79a150308ab0cc4d32291685294b320ff6cbf3009bcbb4c2156c970e71d9137c4ced

- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.