General
-
Target
cbc8f0215f9f14b78f221528abe36567a1b05a2a92dd4b7d5eff4e47c44b3072
-
Size
801KB
-
Sample
211208-nrs1lscgf2
-
MD5
3a29becaaebc1b54fb0ab3ff2ff67d9f
-
SHA1
75e1282e351a1a742ba08b3802ab2a99664ba8aa
-
SHA256
cbc8f0215f9f14b78f221528abe36567a1b05a2a92dd4b7d5eff4e47c44b3072
-
SHA512
d4cc7732cdd097216f11557786604ead58958f19a6ba5b2ccb6a839c2bbe67755d9a633eb885ed8e94f729b1465954cf9c77c6fc80c276a31a6f9922a232bff3
Static task
static1
Behavioral task
behavioral1
Sample
cbc8f0215f9f14b78f221528abe36567a1b05a2a92dd4b7d5eff4e47c44b3072.exe
Resource
win10-en-20211014
Malware Config
Extracted
http://haohm.502ok.com/hm
Targets
Target
cbc8f0215f9f14b78f221528abe36567a1b05a2a92dd4b7d5eff4e47c44b3072
-
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-