General
Target: e6696435c5e386f8c978a7681a4f68c65e749c16c10f79e4956c5a39fed83220
Size: 576KB
Sample: 220521-b2q8jsfhgk
MD5: 0103c868e27888648c251500988261fb
SHA1: bf4a68ce150b9c81a90f19614d8897ffb7e096fb
SHA256: e6696435c5e386f8c978a7681a4f68c65e749c16c10f79e4956c5a39fed83220
SHA512: 484d5d13efd3e8c750f206159e739dad5fb9e37e98f8160dcbbe750d7c647488932a1e88e5d3fffac8b81d1ab0133864beb36faef4cfd38cc6d05529b8e68cea
Static task: static1
Behavioral task: behavioral1
  Sample: e6696435c5e386f8c978a7681a4f68c65e749c16c10f79e4956c5a39fed83220.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: e6696435c5e386f8c978a7681a4f68c65e749c16c10f79e4956c5a39fed83220.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: t.pl
Port: 587
Username: [email protected]
Password: wSe4rftg6y7sedrftgy
Targets
Target: e6696435c5e386f8c978a7681a4f68c65e749c16c10f79e4956c5a39fed83220 (576KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry