General
-
Target
4035f19bb85c910a3928cdffcef5f372.exe
-
Size
1.4MB
-
Sample
211222-nf1w3sfcf9
-
MD5
4035f19bb85c910a3928cdffcef5f372
-
SHA1
cc23f01231b6785bf4818a25e8de7bf7131b4635
-
SHA256
b3d73e743f59f1d0efd96a02a156ecb4ed7375202b72c4a63fa2314728957ca5
-
SHA512
0ee1ad1765fe1fd3fafc2af65855f3d2b002e95e12a9342e6c56ac40a65fb021fcce60034703899306407023d27067e7fae26edd6eab24bc389f9437908451b6
Static task
static1
Behavioral task
behavioral1
Sample
4035f19bb85c910a3928cdffcef5f372.exe
Resource
win7-en-20211208
Malware Config
Extracted
socelars
http://www.biohazardgraphics.com/
Targets
-
Target
4035f19bb85c910a3928cdffcef5f372.exe
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-