General
-
Target
tmp
-
Size
8.3MB
-
Sample
230315-jdnrhsca84
-
MD5
73f351beae5c881fafe36f42cde9a47c
-
SHA1
dc1425cfd5569bd59f5d56432df875b59da9300b
-
SHA256
a028816d9741540c6184091b4ae3c4e42b104f90fe3b17a55d0e4aa4c4c43824
-
SHA512
f484b1260e73b3717603cfcfd62e820502480d8be57a7570e6c38612c9ea86b9335c6a42742fbdb369a37fcd5ec4c2b06f426a075582c39639128ad7be92da66
-
SSDEEP
196608:PdQ5Lq4eAGPJgBDpKLtW0tzHlYd3cvF8m9k/RRZpAp2FG0c+imhtO:P2VqyC8mQ0vxN79kpR40cUO
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
tmp
-
Size
8.3MB
-
MD5
73f351beae5c881fafe36f42cde9a47c
-
SHA1
dc1425cfd5569bd59f5d56432df875b59da9300b
-
SHA256
a028816d9741540c6184091b4ae3c4e42b104f90fe3b17a55d0e4aa4c4c43824
-
SHA512
f484b1260e73b3717603cfcfd62e820502480d8be57a7570e6c38612c9ea86b9335c6a42742fbdb369a37fcd5ec4c2b06f426a075582c39639128ad7be92da66
-
SSDEEP
196608:PdQ5Lq4eAGPJgBDpKLtW0tzHlYd3cvF8m9k/RRZpAp2FG0c+imhtO:P2VqyC8mQ0vxN79kpR40cUO
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-