General
Target: 45030c923bb2b5332096bcd96b0fd463.exe
Size: 1.5MB
Sample: 211119-keqsyacge8
MD5: 45030c923bb2b5332096bcd96b0fd463
SHA1: aa9cd1e35c471ef75710ad29ba2c54257d634613
SHA256: 421c54c316ffe813da7690b6113c138af6cc2834cc9208edd8c42224bd6bd5a6
SHA512: c90e0ebf93276a87b08a871cb5ce91de2ecda116a898c531738c6953530b30c4d72101857cec3089480adf2cc6f65893a55cb6251c1bd531e4bc3b351e3604bc
Static task: static1
Behavioral task: behavioral1
Sample: 45030c923bb2b5332096bcd96b0fd463.exe
Resource: win7-en-20211104
Malware Config
Extracted
socelars
http://www.gianninidesign.com/
Targets
Target: 45030c923bb2b5332096bcd96b0fd463.exe
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-