General
Target: 3a207f5fc89f1c9417f1a326178de80c72fb719fa9f3680507381561550b6f85
Size: 333KB
Sample: 221125-yafztsdd71
MD5: 4092ffea74c6faabaa49e5fbf61993d4
SHA1: 90483019ddaf1353bd3f38ff55b104e42c792397
SHA256: 3a207f5fc89f1c9417f1a326178de80c72fb719fa9f3680507381561550b6f85
SHA512: bf9ef76c4d7950038133b7c8423a83c4f9fa1055f00821e229881239a222d0061d3591a948c020d96199c87111f33aa97fbabf01e18ff6923e39a2e121cef635
SSDEEP: 6144:UpeUb2Y35J9L7QGx4fCsi/FT1cZ587N/j6AfiN75EhBVxgrY:ULbP5J6fzuDcg7RZeFEBwY
Static task: static1
Behavioral task: behavioral1
Sample: Vale_Presente.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: Vale_Presente.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: Vale_Presente.exe
Size: 1.7MB
MD5: ea6ffad92153412e5237665c82c78799
SHA1: db71dca3183cb79d10cde3153d2c7eab4d6ad7d2
SHA256: f5a5f9093b00de4ab3740188f75612847e94551cba90878519637d86b5355e01
SHA512: ed13c783bfc614d2ed1c3b31e22cef33234c5ad77d1017f9368d5a6542a98325496f119a78fdc80bc92f1faa31ef06f079d8023e154ea6f987479bc06add5ae3
SSDEEP: 3072:dwvqbFtkEyWvXFPmy/DA/cZd0SzsZpzbwgWamdUHGNFopPF1XeRBIytGVXi8FrTN:jDycXI6lZij/1TGFo5F1DXRDXy1
Score: 10/10
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application