General
Target: b5bd36fa3b85bd04ce7b4205363d0ffe.exe
Size: 1.4MB
Sample: 220101-j415jagabq
MD5: b5bd36fa3b85bd04ce7b4205363d0ffe
SHA1: 604dfdc91044e7ec222b065d87f192d6ad73091f
SHA256: dc99510c2660ee64b95820e61184f27d7dda8391f44804c6fe0d045bd106ae56
SHA512: da19047bb2eb44fc8dfc5e2a1a1a44d4eb3334d2a674a77d6df65ccd72d777a5ed0c07e446b5dc0c24ae1c194ca3e56477ea2422b09b38762bc1d40bda872151
Static task: static1
Behavioral task: behavioral1
Sample: b5bd36fa3b85bd04ce7b4205363d0ffe.exe
Resource: win7-en-20211208
Malware Config
Extracted
socelars
http://www.chosenncrowned.com/
Targets
Target: b5bd36fa3b85bd04ce7b4205363d0ffe.exe
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Legitimate hosting services abused for malware hosting/C2

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.