General
Target
c16bb1dc143768fd447c7058af1e049ec4da42ee7ab705f0f6e492b5c5f04657
Size
330KB
Sample
221125-yad58sdd7x
MD5
b3663580be966c43649bf38e7227c0ba
SHA1
611354029856acecd47f26c2145cbe855c5653de
SHA256
c16bb1dc143768fd447c7058af1e049ec4da42ee7ab705f0f6e492b5c5f04657
SHA512
27b65dcad937710eed8fb3a1fcb2a9e37e9c4caa215186763bc1f36023f0c073e9b89504d9cde62c34ed199fde838adb9b794e39d2d246b37eaee5ee470b0a50
SSDEEP
6144:CpeUL2Y35J9LBQ0x4XCsixFT10Z5S7N/j6AviNNx8O:CLLP5JMXz6D0e7RZONx8O
Static task
static1
Behavioral task
behavioral1
Sample
Vale_Presente.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Vale_Presente.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
Vale_Presente.exe
Size
1.7MB
MD5
ea6ffad92153412e5237665c82c78799
SHA1
db71dca3183cb79d10cde3153d2c7eab4d6ad7d2
SHA256
f5a5f9093b00de4ab3740188f75612847e94551cba90878519637d86b5355e01
SHA512
ed13c783bfc614d2ed1c3b31e22cef33234c5ad77d1017f9368d5a6542a98325496f119a78fdc80bc92f1faa31ef06f079d8023e154ea6f987479bc06add5ae3
SSDEEP
3072:dwvqbFtkEyWvXFPmy/DA/cZd0SzsZpzbwgWamdUHGNFopPF1XeRBIytGVXi8FrTN:jDycXI6lZij/1TGFo5F1DXRDXy1
Score
10/10
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application