General
-
Target
1bbd218e470d39b0109a979d1762904d.exe
-
Size
1.4MB
-
Sample
211231-krlprafcaq
-
MD5
1bbd218e470d39b0109a979d1762904d
-
SHA1
081ad7822d77f4c97c18c59f17354530b1071057
-
SHA256
220e154fe520169c7f6a611ef5d59e897b3bdc4c55928219855cb9db1b62b81e
-
SHA512
0a3a38e8fd25abbac1a9e1e1d76b906bbb680ad8463ef3ad5b5e9249abcfe9b75eddac70b7ae82233be5f07a64ecb8eb448122d129346d492eee980ea48b87eb
Static task
static1
Behavioral task
behavioral1
Sample
1bbd218e470d39b0109a979d1762904d.exe
Resource
win7-en-20211208
Malware Config
Extracted
socelars
http://www.chosenncrowned.com/
Targets
-
-
Target
1bbd218e470d39b0109a979d1762904d.exe
-
Size
1.4MB
-
MD5
1bbd218e470d39b0109a979d1762904d
-
SHA1
081ad7822d77f4c97c18c59f17354530b1071057
-
SHA256
220e154fe520169c7f6a611ef5d59e897b3bdc4c55928219855cb9db1b62b81e
-
SHA512
0a3a38e8fd25abbac1a9e1e1d76b906bbb680ad8463ef3ad5b5e9249abcfe9b75eddac70b7ae82233be5f07a64ecb8eb448122d129346d492eee980ea48b87eb
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-