General
- Target: file.exe
- Size: 7.2MB
- Sample: 230207-b4865scb2t
- MD5: 252dce28cead6f65eda67869eda6c221
- SHA1: faa68532b5b1947ddd22e1a70319d612c8e02d9f
- SHA256: 9f236e3b2f3a95af60bf5ffea2a532de08ae0c17c80f450ae5b5f0bdc800830d
- SHA512: 27e7b531376ea5d20191c30ddb601dc56ee56bac746308eeb05067230da162bf053819ae5a13652ff1ed7fef0b55d9f8c0dd87ceab9d85146e3256505ce01223
- SSDEEP: 196608:91OHwcbmqSAtQv7GkKPZGbXqVq/ENoXkOwrVTxl:3OQcyqSA6vwhGrquyoXYl

Static task: static1

Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20221111-en
Malware Config

Targets
- Target: file.exe
- Size: 7.2MB
- Blocklisted process makes network request
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops Chrome extension
- Drops desktop.ini file(s)
- Drops file in System32 directory