General
-
Target
4201a182b47ffee677c19384e33100bc293a8963a7b3522fd4d8893fa7bc60d1
-
Size
1.9MB
-
Sample
220625-j6ts8scfhl
-
MD5
af660b2f594ebabe05a4c4aa117d24f3
-
SHA1
f16395923445903b3ef674ff250c91b70c87a4aa
-
SHA256
4201a182b47ffee677c19384e33100bc293a8963a7b3522fd4d8893fa7bc60d1
-
SHA512
b015b24fb7fc445b8f568e46a153acbc18f56705d4af6a05c3cd8ab7c38643ced16ee06c6240cd7b14b4bf71cd849aa3f22ca5db76f7ca2a2ead1469bda754ad
Static task
static1
Behavioral task
behavioral1
Sample
4201a182b47ffee677c19384e33100bc293a8963a7b3522fd4d8893fa7bc60d1.exe
Resource
win7-20220414-en
Malware Config
Extracted
socelars
http://www.zhxxjs.pw/Info/
http://www.allinfo.pw/
Targets
-
-
Target
4201a182b47ffee677c19384e33100bc293a8963a7b3522fd4d8893fa7bc60d1
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-