General
Target: ad754d6d382007f1d57142787b9fa309fb0a94b0e6c340d24327ae3e1c4d1cd9
Size: 328KB
Sample: 221128-clwzjaca7z
MD5: 65d63d237251c492c7c2a8617c40b53e
SHA1: 80d06e4ed07626bcf0312b4022014cdbda934c9a
SHA256: ad754d6d382007f1d57142787b9fa309fb0a94b0e6c340d24327ae3e1c4d1cd9
SHA512: f9263beb29fcaa3db667866892783fd57b7ad51e8ea48703fc1b610416aa282c1e55e254cd10b510e6d327ed70a1004ef708048ece60032bd399b756973c2e40
SSDEEP: 6144:qLAJ3I3pnzOwewUqjxGTw8NMM8iH+C+MJKzb3n3jMR/mriB9ph:qLg3I3pnzORwRjxG3i8H+C+2oLnLe
Static task: static1
Behavioral task: behavioral1
  Sample: ad754d6d382007f1d57142787b9fa309fb0a94b0e6c340d24327ae3e1c4d1cd9.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: ad754d6d382007f1d57142787b9fa309fb0a94b0e6c340d24327ae3e1c4d1cd9.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted from: C:\$Recycle.Bin\S-1-5-21-1214520366-621468234-4062160515-1000\Recovery+kumde.txt
- http://ytrest84y5i456hghadefdsd.pontogrot.com/831A6C6B4A1A39A2
- http://prest54538hnksjn4kjfwdbhwere.hotchunman.com/831A6C6B4A1A39A2
- http://5rport45vcdef345adfkksawe.bematvocal.at/831A6C6B4A1A39A2
- http://xlowfznrg4wf7dli.onion/831A6C6B4A1A39A2
- http://xlowfznrg4wf7dli.ONION/831A6C6B4A1A39A2
Extracted from: C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\Recovery+bmdcp.txt
- http://ytrest84y5i456hghadefdsd.pontogrot.com/39EAFB843DFE4ED3
- http://prest54538hnksjn4kjfwdbhwere.hotchunman.com/39EAFB843DFE4ED3
- http://5rport45vcdef345adfkksawe.bematvocal.at/39EAFB843DFE4ED3
- http://xlowfznrg4wf7dli.onion/39EAFB843DFE4ED3
- http://xlowfznrg4wf7dli.ONION/39EAFB843DFE4ED3
Targets
Target: ad754d6d382007f1d57142787b9fa309fb0a94b0e6c340d24327ae3e1c4d1cd9
Size: 328KB
MD5: 65d63d237251c492c7c2a8617c40b53e
SHA1: 80d06e4ed07626bcf0312b4022014cdbda934c9a
SHA256: ad754d6d382007f1d57142787b9fa309fb0a94b0e6c340d24327ae3e1c4d1cd9
SHA512: f9263beb29fcaa3db667866892783fd57b7ad51e8ea48703fc1b610416aa282c1e55e254cd10b510e6d327ed70a1004ef708048ece60032bd399b756973c2e40
SSDEEP: 6144:qLAJ3I3pnzOwewUqjxGTw8NMM8iH+C+MJKzb3n3jMR/mriB9ph:qLg3I3pnzORwRjxG3i8H+C+2oLnLe
Score: 10/10
Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Adds Run key to start application
- Drops file in System32 directory