General
Target: 7b5d9e5737b3b7a1110f13cb72ca5842.exe
Size: 1.4MB
Sample: 211225-pwrtsaacb8
MD5: 7b5d9e5737b3b7a1110f13cb72ca5842
SHA1: d58ac8636e5f6eb29d03e8d9602b84a6d6282ae4
SHA256: 2570e4529bf20097068a2c4077330b27a910a018ba9967ed3ddde93c6aa81662
SHA512: 3924f8b86f36e44c22ec78852d6e10c950192603c3effcdcb3958264cca826d7118a031c41df0819526146bf16cab49de941cbdb1fbc89cb39b1f3ce5757c053
Static task
static1
Behavioral task
behavioral1
Sample
7b5d9e5737b3b7a1110f13cb72ca5842.exe
Resource
win7-en-20211208
Malware Config
Extracted
socelars
http://www.chosenncrowned.com/
Targets
-
-
Target
7b5d9e5737b3b7a1110f13cb72ca5842.exe
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-