General
-
Target
WS25_0_7_0_ENU.exe
-
Size
657.1MB
-
Sample
220513-rc2wrabcak
-
MD5
8b4dec978afa8a1cabf3c7a429ad1654
-
SHA1
84142670153b59e341830da322a49010ed3f652d
-
SHA256
a28965dccdc1105cd4f40fb73875fb83a0a53141d9fc65fc348d3acdbf3afffb
-
SHA512
efde88b6de72ec7a6ccbbc83d34c8e0bfa330265b1101e49e612f7fdb43a8872ba6128d7e9b5c5ee95497483b16f6ba0049d634bdeaf846f24885751b5b6ae45
Behavioral task
behavioral1
Sample
WS25_0_7_0_ENU.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
WS25_0_7_0_ENU.exe
Score
8/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-