General
Target: si.msi
Size: 588KB
Sample: 230307-tlnftsab4x
MD5: 262b3a8d59585a9840bcf39c0b98a84a
SHA1: 3bbccf28a4b75f2ff0505684799f14a8f72969e9
SHA256: 93ff5d50aeb9242c733dd80f411eeafc0fe72c3eb37327ba85a5626edc4c545c
SHA512: 1f826b0113b0a1cd785cc311e37bcc6b87634bf5fef72554bef8289c0ae2ac525e063eaf475fb27b2925a1dd52b963da8187d6717dd81c2988aed5ebc2a2ad43
SSDEEP: 3072:dPaJvTKlkihKyOeGNbb4crPpxBvlHOp2rrFc:dCBW5UyonOp2rrF
Static task: static1
Behavioral task: behavioral1
  Sample: si.msi
  Resource: win10-20230220-en
Behavioral task: behavioral2
  Sample: si.msi
  Resource: win10v2004-20230221-en
Malware Config
Targets
Target: si.msi
Score: 8/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.