General
Target: aca68203af0b0d04226e4f0a90b7eb7e320c488b0e20a64872bfcea0f07b2096
Size: 319KB
Sample: 221210-kvk8dsfc43
MD5: aad4844c41f3ecfa8237db11ae1e9124
SHA1: 7457cf6352a6124fa95f0f6764899462402fd7db
SHA256: aca68203af0b0d04226e4f0a90b7eb7e320c488b0e20a64872bfcea0f07b2096
SHA512: 99b745c7e5f7c8c97c2cf73baf05e9bc2717bb591edcd59e396d325ffb3a2939c983ce654c293040ee123a10d3d7534394b775f92feac5bb243b8ce286a3a4eb
SSDEEP: 6144:z56jLzbORBEgTfR727E2AwGHH6dwwO0ZrrMC7C:z5G/bO3zjRJzwpRQEC
Static task: static1
Behavioral task: behavioral1
  Sample: aca68203af0b0d04226e4f0a90b7eb7e320c488b0e20a64872bfcea0f07b2096.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
Target: aca68203af0b0d04226e4f0a90b7eb7e320c488b0e20a64872bfcea0f07b2096
Size: 319KB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the values in the General section above (same file).
Signatures:
- Babadeda Crypter
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Uses the VBS compiler for execution (vbc.exe, the VB.NET compiler, is spawned by the sample; a compiler launched by a non-developer process is a common injection target).
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext (typically used to redirect a suspended thread's entry point in process hollowing or other injection).
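The registry- and process-based signatures listed above (country-code lookup, Uninstall enumeration, drive mapping via the registry, vbc.exe spawned by the sample) can be reproduced over an endpoint's own telemetry rather than only in the sandbox. The following is an added example and not part of the sandbox report or the sandbox vendor's detection logic: the event lines are constructed Sysmon-style records, "sample.exe" stands in for the analysed executable, and the registry key fragments are assumptions about which keys each signature name refers to.

```python
import re
from collections import defaultdict

# Constructed, Sysmon-style event lines standing in for the sandbox's raw event log.
# Paths are illustrative; "sample.exe" plays the role of the analysed executable.
EVENTS = r"""
ProcessCreate Image=C:\Users\Admin\AppData\Local\Temp\sample.exe ParentImage=C:\Windows\explorer.exe
RegistryEvent Image=C:\Users\Admin\AppData\Local\Temp\sample.exe TargetObject=HKU\S-1-5-21-1\Control Panel\International\Geo\Nation
RegistryEvent Image=C:\Users\Admin\AppData\Local\Temp\sample.exe TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0
RegistryEvent Image=C:\Users\Admin\AppData\Local\Temp\sample.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
ProcessCreate Image=C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe ParentImage=C:\Users\Admin\AppData\Local\Temp\sample.exe
RegistryEvent Image=C:\Windows\explorer.exe TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
""".strip().splitlines()

# Registry key fragments each signature keys on. These are assumptions about how the
# sandbox implements the signature names in the report, not the vendor's own rules.
REGISTRY_SIGNATURES = {
    "Checks computer location settings": r"\Control Panel\International\Geo\Nation",
    "Checks installed software on the system": r"\Microsoft\Windows\CurrentVersion\Uninstall",
    "Maps connected drives based on registry": r"\Services\Disk\Enum",
}

# Parents that legitimately launch the VB.NET compiler (assumed allow-list);
# anything else spawning vbc.exe is treated as the signature firing.
VBC_EXPECTED_PARENTS = {"devenv.exe", "msbuild.exe"}

# "Key=value" pairs; a value runs until the next " Key=" token or end of line,
# so values containing spaces (e.g. "Control Panel") survive intact.
_FIELD = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_event(line):
    """Split one event line into a dict of fields plus its event kind."""
    kind, _, rest = line.partition(" ")
    fields = dict(_FIELD.findall(rest))
    fields["kind"] = kind
    return fields


def basename(path):
    """Lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def match_signatures(lines):
    """Return {image basename: sorted signature names} for the given event lines."""
    hits = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        image = basename(ev["Image"])
        if ev["kind"] == "RegistryEvent":
            target = ev["TargetObject"].lower()
            for name, fragment in REGISTRY_SIGNATURES.items():
                if fragment.lower() in target:
                    hits[image].add(name)
        elif ev["kind"] == "ProcessCreate" and image == "vbc.exe":
            parent = basename(ev["ParentImage"])
            if parent not in VBC_EXPECTED_PARENTS:
                # Attribute the hit to the parent: it is the process abusing the compiler.
                hits[parent].add("Uses the VBS compiler for execution")
    return {img: sorted(sigs) for img, sigs in hits.items()}


if __name__ == "__main__":
    for img, sigs in match_signatures(EVENTS).items():
        print(img)
        for sig in sigs:
            print("  -", sig)
```

Two design points matter in practice. The vbc.exe hit is attributed to the parent process, since the compiler itself is a signed Microsoft binary and the suspicious actor is whatever launched it. The Geo\Nation read is also performed by plenty of benign software, so on a real endpoint it should corroborate the other signatures rather than alert on its own; explorer.exe in the constructed data produces no hit for exactly that reason.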