General
-
Target
dream_4_8.rar
-
Size
12.0MB
-
Sample
220824-tsx9lshad3
-
MD5
0b47ec2e78e624ddd3408cffac960c6c
-
SHA1
7ab4cc7b49e4af86f7ea5fa6c1b398e6e1a256bd
-
SHA256
d048d065aa68750c85c3cb48c735374eb7e7789cbfd1e7fc69b29583d199397f
-
SHA512
59706fcb7151d0b1cde5cbf483ad9908a8fd44b1557db9f3be5dd6c92e0abb7d34ee37202c46b0b41bf684041d9acae35fb932f067d7992129fc178f2f9c3391
-
SSDEEP
393216:kg2YZ8sCTYCQb2tj/QP2WGpV+FWrq1T3u:d2M3yYSfu8Eu
Malware Config
Targets
-
-
Target
dream_4_8/install.bat
-
Size
38B
-
MD5
667537a1c25c3050eba77c74a343329f
-
SHA1
794df2143bd7bd07f9ade899d8fb1055b93236ea
-
SHA256
60e27d880d37915497117cecaf8919b5330ff908880451e937d4a83a8f563375
-
SHA512
19ec6064e8ed3ecf531bb8f051b88314c12e55dafd1380830acdf3496c3f863f8ba4dbb14a898cc4d2523846dfba5b021d4716b55781830be7fcf0bbae3dd011
Score8/10-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-