General
-
Target
dusers.exe
-
Size
207KB
-
Sample
220522-f254xsffg3
-
MD5
80adc9e5666a4b94fe1637f92d0611b0
-
SHA1
478bb364184d882005d0503c91a9929d81e89765
-
SHA256
eb9a70ac0d1f7c413f10f5308bda81e1da5a9b5bfd2ab7c8d89232eada71c143
-
SHA512
f7eac083f93f5022d8a580303a16c1e12532f6c0dc89e338eb7585d5233c52f39fa7b3e06c06511e6dc68e398151be30074346e66eaccb972f1c497a893d88de
Static task
static1
Behavioral task
behavioral1
Sample
dusers.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
dusers.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Roaming\Macromedia\index.html
Targets
-
-
Target
dusers.exe
-
Size
207KB
-
MD5
80adc9e5666a4b94fe1637f92d0611b0
-
SHA1
478bb364184d882005d0503c91a9929d81e89765
-
SHA256
eb9a70ac0d1f7c413f10f5308bda81e1da5a9b5bfd2ab7c8d89232eada71c143
-
SHA512
f7eac083f93f5022d8a580303a16c1e12532f6c0dc89e338eb7585d5233c52f39fa7b3e06c06511e6dc68e398151be30074346e66eaccb972f1c497a893d88de
Score10/10-
suricata: ET MALWARE BePush/Kilim payload retrieval
suricata: ET MALWARE BePush/Kilim payload retrieval
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-