General
Target: 220d1bdd3850d83c15bdea776b7f64dc.exe
Size: 1.4MB
Sample: 211123-ygc7hsbban
MD5: 220d1bdd3850d83c15bdea776b7f64dc
SHA1: b9ff97530fa895bcb8a4c0e27a4ab4f0291cf9f7
SHA256: 69732c426f787827704e293c23d24caa7c5e7cf4d1bd65c2da5f4d7e45a342a0
SHA512: 6775c063b4f77ea55370bbc7eb371a164eb774c065a88f684b24d3a36de9968f4c495bd3246cf68813e4f2e7c9c47b643e5397256e89f2c260a7f0019838f30c
Static task: static1
Behavioral task: behavioral1
Sample: 220d1bdd3850d83c15bdea776b7f64dc.exe
Resource: win7-en-20211104
Malware Config
Extracted
socelars
http://www.ecgbg.com/
Targets
Target: 220d1bdd3850d83c15bdea776b7f64dc.exe

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Legitimate hosting services abused for malware hosting/C2

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.