General
-
Target
Kamyroll_1.0.5_x64_en-US.msi
-
Size
22.6MB
-
Sample
230109-e1kadsge5z
-
MD5
12da7fea4ee30276be4b9ad361a003b7
-
SHA1
2d098dd0c2a683d3e14f73a72fe88012e7347c0a
-
SHA256
f63d1f23e72a4687b6e6e751a9cadab71830aa678cc21461d0e512b73b2e32ff
-
SHA512
1b213e3b3898ca70cca680a89815a183678710b1550b4c7167b8f2f817cf0a73c0b07c9901fadae392a915b8b55fe9cb7049ac6541047a14ca9c68fa63bd39eb
-
SSDEEP
393216:x1z9wvtr9CjOdUprFfa69uxhGcYnwo6qlUk2AxaeuEAvGzn/0vW1giBLWxL2L0:xx9wvtrsjOdgtaMuxhGPPAAkeAvGEW5I
Static task
static1
Behavioral task
behavioral1
Sample
Kamyroll_1.0.5_x64_en-US.msi
Resource
win10-20220901-en
Malware Config
Targets
-
-
Target
Kamyroll_1.0.5_x64_en-US.msi
-
Score
8/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Registers COM server for autorun
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-