General
Target: aa2de9267f0d37c5233e4dc8fefa6dba.exe
Size: 1.4MB
Sample: 211217-mas4lsebhq
MD5: aa2de9267f0d37c5233e4dc8fefa6dba
SHA1: bab448ce3c35a741926701a0c41a1185c00c223d
SHA256: 1997da6df797093ae6f749c868261dc3d572208812f6e55fccac2f537c36b3c8
SHA512: c02c7abc8708b465c13ab47e71422de49d1e925f9cc7ff898392c5cef51474e80aaf991eb485085be9017850a97d003eecc05a5ee60ef615f824a4118dbe584f
Static task: static1
Behavioral task: behavioral1
Sample: aa2de9267f0d37c5233e4dc8fefa6dba.exe
Resource: win7-en-20211208
Malware Config
Extracted
socelars
http://www.yarchworkshop.com/
Targets
Target: aa2de9267f0d37c5233e4dc8fefa6dba.exe
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Legitimate hosting services abused for malware hosting/C2

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.