General
Target: d42456f7afc812628a9ff67d8c9340eb.exe
Size: 1.5MB
Sample: 211125-vvvf6sgabk
MD5: d42456f7afc812628a9ff67d8c9340eb
SHA1: 30f49d0f3d46cc9ccf8733247a0709555ad2099f
SHA256: a5b981c10065983578a2bca4399f901bd5a4e87b4ebe2d05c1f9971fb9fb36ac
SHA512: 02de7cd71c5155ac5d08f7e432f5f3a138a6800d74479c4696cf877bbcf8fc99bbbf972a50991ca978b5416b89d76b6ab652a9d7315bc61b1baf23aacfdbd755
Static task: static1
Behavioral task: behavioral1
Sample: d42456f7afc812628a9ff67d8c9340eb.exe
Resource: win7-en-20211014
Malware Config
Extracted
socelars
http://www.ecgbg.com/
Targets
Target: d42456f7afc812628a9ff67d8c9340eb.exe
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Legitimate hosting services abused for malware hosting/C2

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.