General
-
Target
C1449224FE94853D6FFE4665A33FF285.exe
-
Size
17.4MB
-
Sample
210723-armp78rcrs
-
MD5
c1449224fe94853d6ffe4665a33ff285
-
SHA1
00c1eed0f221fd5b1b4969718474876a253abb18
-
SHA256
6984fbcdc07aa5d975b4f6742888e3185d6091440b0b76bce13ca81d2a7f931e
-
SHA512
0f8bb805b2f0fc4574d2673c71551f6432f8786a62aa7d1cb05b943620c2d8af2b6b85194fbcee03e8e35268aee869f8c892d230db7834516f5e2e195f4fa5d5
Static task
static1
Behavioral task
behavioral1
Sample
C1449224FE94853D6FFE4665A33FF285.exe
Resource
win7v20210410
Malware Config
Targets
-
-
Target
C1449224FE94853D6FFE4665A33FF285.exe
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-