General
-
Target
tmp
-
Size
4.6MB
-
Sample
230227-k38cwscg85
-
MD5
2119454f1f9a29c77912e1516d3d3515
-
SHA1
0fca99af1dab9ef4916862636d757aab32bf680a
-
SHA256
4f99d5ecf7950954cb989832b5565380951c51f571ffc510fe5c96ba86025369
-
SHA512
03607d2126a702297e2264b6778b040d08d0f95787589dda7d9f5981eea49c8d6292f5eca1b1a5f824fb8f678c758ce74f833a992f88338033f24e76b7fdb74a
-
SSDEEP
98304:1zoHEVfXBZHFW1gIOMameDKvlkliXrMwi5kzQ+x2aCOV:qHmfRxlIyDKdklJwiDJbO
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230220-en
Malware Config
Targets
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-