General
-
Target
bb4fc8b24c345743968f905c9f3f7a47e008e787df111236e54dd02dbb6b3ebc
-
Size
471KB
-
Sample
220203-sv5k2abad2
-
MD5
2ab5df8bedd64d6f06b3e885ae422cd0
-
SHA1
cf1f4cdf495a05eb143e5448eee6ee4ce527108e
-
SHA256
bb4fc8b24c345743968f905c9f3f7a47e008e787df111236e54dd02dbb6b3ebc
-
SHA512
587ca78b25c4498d5402d0a35ec55f1a693866507e0c5a9d30ac8f3e910e5256c906966a14de209b8fb1dffde3cc10d5759344a175ee4cfbb75e5bdcd982d30d
Static task
static1
Behavioral task
behavioral1
Sample
bb4fc8b24c345743968f905c9f3f7a47e008e787df111236e54dd02dbb6b3ebc.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
bb4fc8b24c345743968f905c9f3f7a47e008e787df111236e54dd02dbb6b3ebc.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
https://cdn.discordapp.com/attachments/858084271553249342/863039759001452564/Main.png
Targets
-
-
Target
bb4fc8b24c345743968f905c9f3f7a47e008e787df111236e54dd02dbb6b3ebc
-
Size
471KB
-
MD5
2ab5df8bedd64d6f06b3e885ae422cd0
-
SHA1
cf1f4cdf495a05eb143e5448eee6ee4ce527108e
-
SHA256
bb4fc8b24c345743968f905c9f3f7a47e008e787df111236e54dd02dbb6b3ebc
-
SHA512
587ca78b25c4498d5402d0a35ec55f1a693866507e0c5a9d30ac8f3e910e5256c906966a14de209b8fb1dffde3cc10d5759344a175ee4cfbb75e5bdcd982d30d
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-