General
-
Target
0c9e06cd1ff3dfc67fc97b3227229706.exe
-
Size
1.4MB
-
Sample
211226-vpp99saccn
-
MD5
0c9e06cd1ff3dfc67fc97b3227229706
-
SHA1
da09e182190dc6878faf6fcd80ccc4851424b71b
-
SHA256
7e20adf0139c25e9813e91435df14ef96ee8d55cccc10cf7450f194c33ed573c
-
SHA512
602fc5f5451174ed9099348d73234a7ff60a0947e25d2e4ca43da46edb5b5d25b47d59a1f2413752c7b69b7b4e5a2d80e23db3af26c057358b6f3ef9702c86eb
Static task
static1
Behavioral task
behavioral1
Sample
0c9e06cd1ff3dfc67fc97b3227229706.exe
Resource
win7-en-20211208
Malware Config
Extracted
socelars
http://www.chosenncrowned.com/
Targets
-
-
Target
0c9e06cd1ff3dfc67fc97b3227229706.exe
-
Size
1.4MB
-
MD5
0c9e06cd1ff3dfc67fc97b3227229706
-
SHA1
da09e182190dc6878faf6fcd80ccc4851424b71b
-
SHA256
7e20adf0139c25e9813e91435df14ef96ee8d55cccc10cf7450f194c33ed573c
-
SHA512
602fc5f5451174ed9099348d73234a7ff60a0947e25d2e4ca43da46edb5b5d25b47d59a1f2413752c7b69b7b4e5a2d80e23db3af26c057358b6f3ef9702c86eb
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-