General
Target
b3d279a0e5ebe89c26bb9f15f6d2c13234cbc81d43ab43b781cac355f21d20e1
Size
841KB
Sample
220521-w665sabag6
MD5
5afba39f60b9df41fd44ff65f23f21ab
SHA1
9f35885766fd63cb44dceef3e49960c58d10ecb8
SHA256
b3d279a0e5ebe89c26bb9f15f6d2c13234cbc81d43ab43b781cac355f21d20e1
SHA512
264b83b68c655ba2fa4073f8653117e77d22d3fd78b4e292ccc91edd978be93bf5860101c65d6a8df1dde20a44f3560adc240e1f7ef0613d97e121cffff28cba
Static task
static1
Behavioral task
behavioral1
Sample
??QQ????.url
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
??QQ????.url
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
Temp.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
Temp.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
??QQ????.url
Size
126B
MD5
9f36733525857a875b9aa9b0dc78da08
SHA1
9b7bf725cc7a90bf159ad1958b043adb16e36a9e
SHA256
97c3de62e4bf28be46b48a65a349d3ab190ebad5602b8c6e92230d0a1c432ad2
SHA512
72cb12cd8257add1e58d436f69c1f9d6cbfe515a172608943f30e46db376be5873a0ba6c58f81a269b6758419a4ea6b56cfd2dc40d86b4ffab47f0e90815ac85
Score 6/10
Adds Run key to start application
Target
Temp.exe
Size
1.7MB
MD5
7f915b8e7ad0130c05398792187d115f
SHA1
df292be5f2d3f3076d5c563375359c5d4d06e1b7
SHA256
c83827b5f37172f7023641b9089da7ca3f424f113501d74809974d3053eb406f
SHA512
ce029ffd4c1c699fdc023466b9dbe645f609fe60f9340deb95eab5d3becd780a9492df828f8964181992c86197f9f808e2ba1d28bf30c0207bbde796bf60a261
Score 8/10
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory