General
-
Target
bb8dba7e21b5f0720407e0acdde6a34e.exe
-
Size
373KB
-
Sample
220521-rzl4tachgp
-
MD5
bb8dba7e21b5f0720407e0acdde6a34e
-
SHA1
27e708c7940708ec158245bfb7f9f671f6664b13
-
SHA256
d94e02cfb25da71355a6d85538a24374c050962c4e027eaae2e230fe52514e2a
-
SHA512
b83aedd35920a402033d9381d67d5ade247afe55c8c5d7fc0eb5ee79d0c5cd69bd3e2538881e7d8d2bdcf04b65219f802d038b1757a395709e20b52462d12266
Static task
static1
Behavioral task
behavioral1
Sample
bb8dba7e21b5f0720407e0acdde6a34e.exe
Resource
win7-20220414-en
Malware Config
Extracted
systembc
135.125.248.50:443
146.70.53.169:443
Targets
-
-
Target
bb8dba7e21b5f0720407e0acdde6a34e.exe
-
Size
373KB
-
MD5
bb8dba7e21b5f0720407e0acdde6a34e
-
SHA1
27e708c7940708ec158245bfb7f9f671f6664b13
-
SHA256
d94e02cfb25da71355a6d85538a24374c050962c4e027eaae2e230fe52514e2a
-
SHA512
b83aedd35920a402033d9381d67d5ade247afe55c8c5d7fc0eb5ee79d0c5cd69bd3e2538881e7d8d2bdcf04b65219f802d038b1757a395709e20b52462d12266
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-