General
Target: 20f9b50cb0623cd75c5fcb3a2052410ccec45eeeb5c061eebe900567c6a3a2a3
Size: 1.9MB
Sample: 220612-l26ncaced4
MD5: 2c308b3099cc4cff7bd63741a26bc9bd
SHA1: 34eedf4616bf2e8bad5bab7a73eb5f44ff71cf93
SHA256: 20f9b50cb0623cd75c5fcb3a2052410ccec45eeeb5c061eebe900567c6a3a2a3
SHA512: 63904ea8cd091715728322e571efba72e4f376b6fef37de5ad69d972083362f42f45a4f48e52697ff443e10fd4a53eb82cc063721fb1ce2eec5400c3f4751b20
Static task
static1
Behavioral task
behavioral1
Sample
20f9b50cb0623cd75c5fcb3a2052410ccec45eeeb5c061eebe900567c6a3a2a3.exe
Resource
win7-20220414-en
Malware Config
Extracted
socelars
http://www.zhxxjs.pw/Info/
http://www.allinfo.pw/
Targets
-
-
Target
20f9b50cb0623cd75c5fcb3a2052410ccec45eeeb5c061eebe900567c6a3a2a3
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-