General
Target: ManLearningCourse-main.zip
Size: 31KB
Sample: 221207-henmgada76
MD5: 8411510e0b467c89cbef0fa6e87b7408
SHA1: 2acfabc19fef7a85a4aa835ca1a78a1886cb5b62
SHA256: 936f9446a395968cd7a9fb02f695ff68b550f04ecef14db94ab8aa5f33ee7208
SHA512: 0608619c9340122c42e48b67acecdeb9d2891411be9e1c5dbfbcdfc9a07bc19df7668972dae86ddcb1e8ab2a4da98e7ed76ab117b661e4c36cf1caa9a9545f71
SSDEEP: 768:58dW2W2PD4/0y8/IbkbEXHGk55hFfy9Kysgvh7Ko/5zCnlfr:5iW7MKtrXHGk55hFKBsChpxzmfr
Behavioral task
behavioral1
Sample: ManLearningCourse-main/windll32.exe
Resource: win7-20221111-en
Malware Config
Targets
Target: ManLearningCourse-main/windll32.exe
Size: 57KB
MD5: 3c7f22b2aec2778946449c555b71abf9
SHA1: 230eb5af23d0fd72331f056e4b6bdb3d43c6671a
SHA256: 51db4d2c54e299ae26b3085633aa79476560f9a2f5cc4328683cdee5fb6591fe
SHA512: cd1a439ba1b8e11d7203ed5cbe145245017ab8980feb08c3786ebb493b847cfab9934eb4fff3bc99f71594c05092c31fe78a6a86bfa2fa4089ee9ebd5afee85b
SSDEEP: 1536:8uYH9T34l26qvDm3bbXSMZyuB3ibtdXxKDHz/kP0N:8uYdT34l26QDm3bbFl2t1xKXkP0N
Async RAT payload
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2