General
Target: f063a5ece410738e966ca8f7d3b3a495.exe
Size: 1.5MB
Sample: 211125-vcadaafghn
MD5: f063a5ece410738e966ca8f7d3b3a495
SHA1: ec19108520ac2ebeb27b231e7053bd0b710c90d2
SHA256: 17486a31039fa56636c672dba5f9ab12178f888839f41137416b4f85f2affdcb
SHA512: 92c0dedc40eb45e15bb1b88529b71585fc1591183b33b825a5eb3d13d02b2ba9b41602c61c7a23719429ae2c654b1d62e3a336cd6e90edd34a791859bd7aed32
Static task: static1
Behavioral task: behavioral1
Sample: f063a5ece410738e966ca8f7d3b3a495.exe
Resource: win7-en-20211104
Malware Config
Extracted
socelars
http://www.ecgbg.com/
Targets
Target: f063a5ece410738e966ca8f7d3b3a495.exe
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Legitimate hosting services abused for malware hosting/C2

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.