General
Target: WinRAR.zip
Size: 4.6MB
Sample: 221124-yg7fcseg26
MD5: 264a685537b52cb5a2d3237f2ac49820
SHA1: d02beb7a2776aad690658bd41ac45b773dd8e56c
SHA256: aa24ce75db9c573a6e1f17923157ac37dcc080f5f248874731db78334eab76bd
SHA512: dc570151d6119a05e0812f75ce756beab63e0df7e3f84479b25454f8cbf44a6a80b3e6527c43d54841d909f801ca1ae24af8cbb93556219cccf4ef18cd391b31
SSDEEP: 98304:/dru7aNgy3mV3T3RqUgHVmfdqVbdUW11YKBgfEBuDT2k:/tuolAdJgHVmlqHUAYag2KTt
Static task: static1
Behavioral task: behavioral1
Sample: wrar401.exe
Resource: win10-20220812-en
Malware Config
Targets
Target: wrar401.exe
Size: 4.6MB
MD5: 75e38ca41d5d7aad3812f23929b8b5f0
SHA1: 4fd0c5ad493489a9741f8ec41ca4c984158ce39b
SHA256: 936d435ddbfcaa21c9c701d8472367f0bd7992834e9dda1c8eeebf1b06ad3018
SHA512: cca1aa74b6b199a0b6d056686728598a015ef85df6c50aebc19e59b6b43839c3d91a0ea9323210b39bdef1fa852a58e940b099fcd68ea0c67557f7e86ddfb91c
SSDEEP: 98304:npTFjZOpPOKvL6AwSRg9ZXznICl4OYn3s1Hpt+xrFqF1NrblGfzqINtForkDe2:nsmKG4Gv0Clgn8NyxUbllEzqINXKkN
Score: 10/10
Modifies system executable filetype association
Executes dropped EXE
Modifies Installed Components in the registry
Registers COM server for autorun
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory