
20/03/2023, 22:34

Sample 230320-2g7mxaff62, score 8/10

General

  • Target

    rcpg_sysblog-bestregistrycleaner.exe

  • Size

    4.6MB

  • Sample

    230320-2g7mxaff62

  • MD5

    4e94c2bec2e55e9d50632465c26d3e22

  • SHA1

    188a02d1625a928e8b7837f3a3fe5d9056437ecf

  • SHA256

    f97469231c0e94b3f4be48a4702d281f435f0ce5cb8cf917f219c0b77f760d59

  • SHA512

    d81c20d090776d63f960dd21877abd536ca3480847c9c3ab6f546c310f40433c370d73e678612bc2c7e22e038ba194562ece23e18c4de175e5304c904dc9bcc6

  • SSDEEP

    98304:YLhq6RPhfA1J2otzsyA6W+b97sBlz5TsNrcVHlU0jfc:YLA6Ra1UIzsBqbNsHFzU04

Score
8/10

Malware Config

Targets

    • Target

      rcpg_sysblog-bestregistrycleaner.exe (4.6MB; hashes and score as listed under General above)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check (the sample may behave differently outside its intended locale, so a sandbox run in one region does not show the full behaviour).

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
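The three registry signatures above (BIOS query, location lookup, Uninstall-key enumeration) are all recognisable from the key paths a process touches. The script below is an added example, not Triage's signature code: it scans a constructed API trace in a simple `api|key|value` line format and reports which of the three behaviours appear. The mapping from signature names to registry paths is an assumption based on the well-known locations, and the trace lines are constructed for illustration.

```python
"""Flag registry-reconnaissance behaviours from a process API trace.

Added example; not code from the sandbox report or the analysed sample.
Input format (assumed, one call per line): API|registry key|value name
"""
from collections import defaultdict

# Constructed trace lines (not captured from the sample). Hive names are written
# out in full here; other tools abbreviate them, which normalise_key() handles.
SAMPLE_TRACE = r"""
RegOpenKeyExW|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS|
RegQueryValueExW|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS|SystemManufacturer
RegQueryValueExW|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS|SystemProductName
RegQueryValueExW|HKEY_CURRENT_USER\Control Panel\International\Geo|Nation
RegOpenKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
RegEnumKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|0
RegEnumKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|1
RegQueryValueExW|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|Foo
"""

HIVE_ALIASES = {
    "hkey_local_machine": "hklm",
    "hkey_current_user": "hkcu",
    "hkey_classes_root": "hkcr",
    "hkey_users": "hku",
}

# Signature name -> (normalised key prefix, required value name or None).
# Assumed mapping: the report names the behaviours but not the exact keys.
SIGNATURES = {
    "Checks BIOS information in registry":
        (r"hklm\hardware\description\system\bios", None),
    "Checks computer location settings":
        (r"hkcu\control panel\international\geo", "nation"),
    "Checks installed software on the system":
        (r"hklm\software\microsoft\windows\currentversion\uninstall", None),
}


def normalise_key(key: str) -> str:
    """Lower-case, canonical hive alias, forward slashes fixed, Wow6432Node
    removed so 32-bit and 64-bit views of the same key compare equal."""
    key = key.strip().lower().replace("/", "\\")
    hive, _, rest = key.partition("\\")
    hive = HIVE_ALIASES.get(hive, hive)
    rest = rest.replace("\\wow6432node", "")
    return hive + "\\" + rest if rest else hive


def parse_line(line: str):
    """Split 'api|key|value'; missing trailing fields become empty strings."""
    api, key, value = (line.split("|") + ["", ""])[:3]
    return api.strip(), key, value.strip()


def match_signatures(trace: str) -> dict:
    """Return {signature name: [(api, key, value), ...]} for every trace line
    whose key falls under a watched path (and, where required, names the
    watched value). Lines touching other keys are ignored."""
    hits = defaultdict(list)
    for raw in trace.splitlines():
        if not raw.strip():
            continue
        api, key, value = parse_line(raw)
        nkey = normalise_key(key)
        for name, (prefix, want_value) in SIGNATURES.items():
            if nkey.startswith(prefix) and (
                want_value is None or value.lower() == want_value
            ):
                hits[name].append((api, key, value))
    return dict(hits)


if __name__ == "__main__":
    for name, calls in match_signatures(SAMPLE_TRACE).items():
        print(f"{name}: {len(calls)} call(s)")
        for api, key, value in calls:
            print(f"    {api} {key} {value}".rstrip())
```

Matching on normalised prefixes rather than exact keys is deliberate: the same Uninstall enumeration shows up under `SOFTWARE\Wow6432Node\...` for a 32-bit process on 64-bit Windows, and tools disagree on whether to write `HKLM` or `HKEY_LOCAL_MACHINE`. For the location check, requiring the `Nation` value keeps a casual open of the `Geo` key from firing the geofence signature.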

MITRE ATT&CK Enterprise v6
