General
Target: 2ed3b7df43bc0b380a96bdbfbf6d7137af14fd712a604b361a8c01675c0c0149
Size: 11.6MB
Sample: 221126-e5mw3sca72
MD5: 048caeafe3f00631dec0928e3f486e84
SHA1: c562f85e166e2db155c80cda7d18c766b74cec38
SHA256: 2ed3b7df43bc0b380a96bdbfbf6d7137af14fd712a604b361a8c01675c0c0149
SHA512: 995e08d4828b896c99ade5718e6a19841a41a29c381f6a19df801d7a44f6cb8e97cfd91face724eda8ce4cfe40f168fe7ea9c58aad0d4f7ca0605a051a06d301
SSDEEP: 196608:psLDOM/dumuQrGuMGlB2eFdjdNv0HbDtQVEJNxtuLceimLRO2T/yQXjbDong7+pA:+La0G8KeFfK3tQWJNYceJLRrug/jhrt
Static task: static1
Behavioral task: behavioral1
Sample: 2ed3b7df43bc0b380a96bdbfbf6d7137af14fd712a604b361a8c01675c0c0149.exe
Resource: win7-20220901-en
Malware Config
Targets
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Executes dropped EXE
-
Registers COM server for autorun
-
Sets file execution options in registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-