General

- Target: adcbede09da13c2aa1e14aa9bb91817c
- Size: 310KB
- Sample: 220715-dn5j5adacq
- MD5: adcbede09da13c2aa1e14aa9bb91817c
- SHA1: 63645ff0957d234eaec0141922208c70181cd70a
- SHA256: 31a8918d1ea465e8130afd39e4ff6335692756ffde95a840aff0bc0a7565cdf2
- SHA512: 929d124db01e627293248ffa4c242c9e4c769242e1db4ff76b422b23cee7d5dafc9dceb77c63338884967a4fbdcb986d93a9444da3b96b6b87953aa9f8422402

Static task: static1
Behavioral task: behavioral1
Sample: adcbede09da13c2aa1e14aa9bb91817c.exe
Resource: win7-20220414-en
Malware Config
Targets

- Target: adcbede09da13c2aa1e14aa9bb91817c
- Size: 310KB
- MD5: adcbede09da13c2aa1e14aa9bb91817c
- SHA1: 63645ff0957d234eaec0141922208c70181cd70a
- SHA256: 31a8918d1ea465e8130afd39e4ff6335692756ffde95a840aff0bc0a7565cdf2
- SHA512: 929d124db01e627293248ffa4c242c9e4c769242e1db4ff76b422b23cee7d5dafc9dceb77c63338884967a4fbdcb986d93a9444da3b96b6b87953aa9f8422402

- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
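The signature list above is the sandbox's summary of host behaviour; to reproduce the same verdicts from a raw behaviour trace (or to hunt for the same pattern in EDR telemetry) each name has to be tied to concrete events. The script below is an added example and is not the sandbox's own rule logic or anything from this report: the "pid|event|target" log format and every event in SAMPLE_LOG are constructed, the geofence key (Control Panel\International\Geo\Nation), the wallet directory names and the process-hollowing call order are assumptions that match what the signature descriptions say they look for, and the Uninstall key is the one the report itself names. It also shows the caveat a triager wants on the last signature: SetThreadContext by itself is a weak indicator (debuggers and some loaders use it), so the stronger check is the ordered chain CreateProcess (suspended), WriteProcessMemory, SetThreadContext, ResumeThread within one process. The Suricata alert is a network rule and is not modelled here.

```python
"""Map sandbox-style behaviour events onto the signature names in the report above.

Added example, not the sandbox's own rule logic. The "pid|event|target" log
format, the registry paths, file paths and API names are assumptions chosen to
illustrate what each signature description says it looks for.
"""
import re

# Constructed behaviour log, not taken from the report. Backslashes are doubled
# only because this is a Python string literal.
SAMPLE_LOG = """\
1204|reg_read|HKCU\\Control Panel\\International\\Geo\\Nation
1204|reg_enum|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1204|reg_enum|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
1204|net_recv|MZ\\x90\\x00\\x03
1204|file_write|C:\\Users\\user\\AppData\\Local\\Temp\\dl.exe
1204|file_write|C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll
1204|process_create|C:\\Users\\user\\AppData\\Local\\Temp\\dl.exe
2876|image_load|C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll
2876|file_read|C:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco
2876|file_write|C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svc.lnk
2876|api|CreateProcessW(CREATE_SUSPENDED)
2876|api|WriteProcessMemory
2876|api|SetThreadContext
2876|api|ResumeThread
"""

# (signature name from the report, event kind, regex on the event target)
STATELESS_RULES = [
    ("Checks computer location settings", "reg_read",
     r"\\Control Panel\\International\\Geo\\Nation$"),   # assumed geofence key
    ("Checks installed software on the system", "reg_enum",
     r"\\CurrentVersion\\Uninstall(\\|$)"),
    ("Downloads MZ/PE file", "net_recv", r"^MZ"),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     "file_read", r"\\(Exodus|Electrum|Ethereum|Bitcoin)\\.*wallet|wallet\.dat$"),
    ("Drops startup file", "file_write", r"\\Start Menu\\Programs\\Startup\\"),
    ("Suspicious use of SetThreadContext", "api", r"^SetThreadContext$"),
]

# Process-hollowing call order; SetThreadContext alone is also used by debuggers.
HOLLOW_SEQUENCE = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_log(text):
    """Parse 'pid|event|target' lines into (pid, event, target) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            pid, kind, target = line.split("|", 2)
            events.append((int(pid), kind, target))
    return events


def match_signatures(events):
    """Return {signature name: [(pid, target), ...]} for every event that fires a rule."""
    hits, dropped = {}, set()
    for pid, kind, target in events:
        if kind == "file_write":
            dropped.add(target.lower())     # remember what the sample wrote to disk
        for name, ev_kind, pattern in STATELESS_RULES:
            if kind == ev_kind and re.search(pattern, target, re.IGNORECASE):
                hits.setdefault(name, []).append((pid, target))
        # Stateful rules: a file the sample dropped is later executed or loaded as a DLL.
        if kind == "process_create" and target.lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append((pid, target))
        if kind == "image_load" and target.lower() in dropped and target.lower().endswith(".dll"):
            hits.setdefault("Loads dropped DLL", []).append((pid, target))
    return hits


def hollowing_chain(events):
    """Return pids whose API calls contain HOLLOW_SEQUENCE in order."""
    by_pid = {}
    for pid, kind, target in events:
        if kind == "api":
            by_pid.setdefault(pid, []).append(target)
    flagged = []
    for pid, calls in by_pid.items():
        step = 0
        for call in calls:
            if call.startswith(HOLLOW_SEQUENCE[step]):
                step += 1
                if step == len(HOLLOW_SEQUENCE):
                    flagged.append(pid)
                    break
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for name, matches in match_signatures(evs).items():
        print(f"{name}: {len(matches)} event(s)")
    print("process hollowing chain in pids:", hollowing_chain(evs))
```

Run against the constructed log, every host signature in the report fires except the Suricata rule, and pid 2876 is the only one that completes the hollowing chain; a trace containing nothing but a lone SetThreadContext call still raises the weak signature but not the chain, which is the distinction to keep in mind when reading "Suspicious use of SetThreadContext" on its own.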