General
Target: CG_Loader.exe
Size: 25.7MB
Sample: 230320-1gmr3ahd9v
MD5: eacee266b414d217ca8869fa8eec977f
SHA1: 4368546288967ce75133dad6514ee36713b50b29
SHA256: 71ffa8cbd2909f9ca192c76fbea4a473ecbdf7314e21c9953cc27710765000f5
SHA512: 9e39ecbc28492baf9294d4c6d7f1f8d9ffd04418754b0e599d42bd241d61e367e0f6e762f3b5fc607894e5e98e3a69939dd4fc3a8dcab0679915f93d82b1d09d
SSDEEP: 393216:9eWP83C/eKN0l8btLZbpjw3srjhJ7FpRr/OB1UUWwcfwo2/S3TUFR5:9eT3eelexrdJBpQnUUewjcTUl
Behavioral task: behavioral1
Sample: CG_Loader.exe
Resource: win7-20230220-en
Malware Config: (none)
Targets
Signatures
- Creates new service(s)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Sets service image path in registry
- Stops running service(s)
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2