General

Target: 'Infected' (DriverPack).zip
Size: 8.4MB
Sample: 220628-rr6hgsbgb3
MD5: c82014d6d6f294a605558fb3a9c0e89e
SHA1: f5aaa7fb0379f54b447790abb1ee28757634e985
SHA256: b43f9d1d81734d9f900e7047378d0aed67741fbf22c1b1b753a70677551ea49b
SHA512: c0b922955921c5a2b57c225ff1bf2ca1245410cbdd63b7d3107270b2351a4928ed5713b6a062d18a53efebdf2d1941f27cff2fb9be593f725a12cf632a5fceed
Static task: static1

Behavioral task: behavioral1
Sample: DriverPack-17-Online_1093417767.1656424261__fw7jsfwkaom0pay.exe
Resource: win10v2004-20220414-en

Behavioral task: behavioral2
Sample: DriverPack-17-Online_1093417767.1656424261__fw7jsfwkaom0pay.exe
Resource: win11-20220223-en
Malware Config

Targets

Target: DriverPack-17-Online_1093417767.1656424261__fw7jsfwkaom0pay.exe
Size: 8.6MB
MD5: ff95f4df8c378534fb1a0978a1af81de
SHA1: 4b9d7167774a89fd9cad3093341e2cab2913f96b
SHA256: 610b44ef29643f5bfc1bf571e13e92155856eabac8706f45ea040da2ed48ea14
SHA512: 0f2014cfccd29806db02c84adeb8b673b4d07b8c38795e6b47d73d91ba6c90d4645a636b6f29684fdc3a6f0aa4889645cd60b6401e82a7d22b6fc12030354db4
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016 (WinHTTPRequest)
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
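The report identifies two artifacts by hash, the submitted archive and the executable extracted from it, and the first thing an analyst picking up either file should do is confirm it is the same object. The script below is an added example, not part of this sandbox report and not DriverPack's code: it recomputes all four digests of a local file and checks them against the values listed above, requiring every algorithm to agree before the file is treated as the analysed sample. The hash constants are copied from the report; the function names, the streaming reader and the partial-match handling are this example's own assumptions.

```python
"""Check that a file on disk is the sample this report describes.

Added example, not part of the sandbox report. Recomputes MD5, SHA-1,
SHA-256 and SHA-512 for a file (or raw bytes) and compares all four
against the hashes the report lists for the outer ZIP and the inner
DriverPack executable. Hash values are copied from the report; the
"all four must agree" policy and the helper names are assumptions.
"""
from __future__ import annotations

import hashlib
import sys
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256", "sha512")

ZIP_NAME = "'Infected' (DriverPack).zip"
EXE_NAME = "DriverPack-17-Online_1093417767.1656424261__fw7jsfwkaom0pay.exe"

# Hashes copied verbatim from the report (SHA-512 split in two for width).
REPORT_TARGETS = {
    ZIP_NAME: {
        "md5": "c82014d6d6f294a605558fb3a9c0e89e",
        "sha1": "f5aaa7fb0379f54b447790abb1ee28757634e985",
        "sha256": "b43f9d1d81734d9f900e7047378d0aed67741fbf22c1b1b753a70677551ea49b",
        "sha512": "c0b922955921c5a2b57c225ff1bf2ca1245410cbdd63b7d3107270b2351a4928"
                  "ed5713b6a062d18a53efebdf2d1941f27cff2fb9be593f725a12cf632a5fceed",
    },
    EXE_NAME: {
        "md5": "ff95f4df8c378534fb1a0978a1af81de",
        "sha1": "4b9d7167774a89fd9cad3093341e2cab2913f96b",
        "sha256": "610b44ef29643f5bfc1bf571e13e92155856eabac8706f45ea040da2ed48ea14",
        "sha512": "0f2014cfccd29806db02c84adeb8b673b4d07b8c38795e6b47d73d91ba6c90d4"
                  "645a636b6f29684fdc3a6f0aa4889645cd60b6401e82a7d22b6fc12030354db4",
    },
}


def compute_hashes(data: bytes) -> dict[str, str]:
    """Hash an in-memory blob with every algorithm the report uses."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path: Path, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Like compute_hashes, but streams the file so an 8 MB sample (or a
    much larger one) is never read into memory at once."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_report(hashes: dict[str, str]) -> tuple[str | None, dict[str, list[str]]]:
    """Compare computed hashes against every target in the report.

    Returns (name, partial): name is the target whose four hashes all match
    (None if none does); partial maps each target where only some algorithms
    matched to the algorithms that did. A genuine file never produces a
    partial match, so one points at a mis-pasted value in the hash list or
    an engineered collision and is surfaced instead of silently accepted.
    """
    full = None
    partial: dict[str, list[str]] = {}
    for name, expected in REPORT_TARGETS.items():
        matched = [algo for algo in ALGOS if hashes[algo].lower() == expected[algo]]
        if len(matched) == len(ALGOS):
            full = name
        elif matched:
            partial[name] = matched
    return full, partial


if __name__ == "__main__":
    # Usage: python verify_sample.py <file> [<file> ...]
    for arg in sys.argv[1:]:
        name, partial = match_report(hash_file(Path(arg)))
        if name:
            print(f"{arg}: matches report target {name!r} on all four hashes")
        elif partial:
            print(f"{arg}: PARTIAL match only, investigate: {partial}")
        else:
            print(f"{arg}: no match against the report's targets")
```

Run it against the archive and the extracted executable separately; each should resolve to exactly one target. A partial result (for example MD5 agreeing while SHA-256 does not) is not a confirmation and should stop the analysis until the discrepancy is explained.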