General

Target: particovl.zip
Size: 855KB
Sample: 230321-mrpgrabg91
MD5: aa755552111760cbec58b6732f2911fc
SHA1: 3c77f0366d7d492e3cdf16006b2fe312f3ee89b8
SHA256: d3ec28c089d98942413d9d197ff38b0bd2c336df708564307467edb58f23ea37
SHA512: 2bd8d82a0f16b4bc49065afc7967008ceb94e777b36247c529169e00be85a6022148a0560560d14cc773321e912e50921d96f201f9e6c4764b4260cbee216470
SSDEEP: 384:ynnK9MGosyer556ig9WCc8BN9gCjUslRfDhGkjr/eaLgCbo39dSrYC:ynKe7sPR6N+NsLFGGr/HgC836
Static task: static1

Behavioral task: behavioral1
Sample: particovl.bat
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: particovl.bat
Resource: win10v2004-20230220-en
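The digests above are what an analyst checks a downloaded copy of the sample against before doing anything else, and the two sizes on this page (an 855KB archive holding a 699.1MB batch file) are the kind of ratio worth flagging automatically. The script below is an added example, not part of the sandbox report and not code from any sandbox vendor: it computes the same four digests the report lists and flags archive members whose compression ratio is only reachable by padding. The archive it builds is a constructed stand-in (the real particovl.zip is not embedded), so the digests it prints are of that constructed data; the 100:1 threshold is an assumption chosen well above anything a genuine script or binary reaches.

```python
"""Check a sample archive against a report's digests and flag inflated members.

Added example, not part of the sandbox report and not code from any sandbox
vendor. It builds a constructed archive in memory (the real particovl.zip is
not embedded), so the digests it prints are those of the constructed data;
pass the real file bytes and the report's MD5/SHA1/SHA256/SHA512 values to
verify_digests() to check a downloaded sample.
"""
import hashlib
import io
import zipfile

# Assumed threshold: an uncompressed/compressed ratio this high is only
# reached by long runs of repeated bytes, never by a real script or binary.
INFLATION_RATIO = 100.0


def file_digests(data: bytes) -> dict:
    """Hex digests of a byte string, keyed the way the report labels them."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def verify_digests(data: bytes, reported: dict) -> dict:
    """Compare computed digests with reported ones.

    Returns {algorithm: True/False} for every reported algorithm we compute;
    the comparison is case-insensitive because reports differ in hex casing.
    """
    actual = file_digests(data)
    return {
        name: actual[name] == value.strip().lower()
        for name, value in reported.items()
        if name in actual
    }


def inflated_members(archive: bytes, ratio: float = INFLATION_RATIO) -> list:
    """Return (name, uncompressed size, ratio) for members above the ratio.

    Stored members have compress_size == file_size and are never flagged;
    empty members are skipped to avoid a division by zero.
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.compress_size == 0:
                continue
            r = info.file_size / info.compress_size
            if r > ratio:
                flagged.append((info.filename, info.file_size, round(r, 1)))
    return flagged


def build_constructed_sample() -> bytes:
    """Constructed stand-in for the sample: a tiny .bat padded with 8 MiB of NULs."""
    script = b"@echo off\r\nrem constructed placeholder, not the real script\r\n"
    padded = script + b"\x00" * (8 * 1024 * 1024)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("particovl.bat", padded)
    return buf.getvalue()


if __name__ == "__main__":
    archive = build_constructed_sample()
    for name, digest in file_digests(archive).items():
        print(f"{name}: {digest}")
    for name, size, r in inflated_members(archive):
        print(f"inflated member {name}: {size} bytes, {r}:1 compression")
```

Run it against the real archive by replacing build_constructed_sample() with the file's bytes; a member flagged by inflated_members() should be unpacked and hashed from a copy with the padding stripped only after the original has been hashed and verified as-is, since the report's digests are of the padded file.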
Malware Config

Targets

Target: particovl.bat
Size: 699.1MB
Note: the batch file unpacks to 699.1MB from an 855KB archive, a ratio of roughly 800:1, so it consists almost entirely of highly compressible filler. Padding a script this way is a known technique for pushing it past the file-size limits of scanners and upload portals; the digests below are of the padded file.
MD5: 85e4843ddbeb2ef9a3cdea6497bbdfa9
SHA1: 5556ac2aa0d52daa7240877e6df1b60d3969ecec
SHA256: 4049b93a33911701f2b975d19db0f91e4ae70ccbeee83a93f3352aa76a0152d8
SHA512: 6c875856504f70ac80912f88e61fd67e9e37e0001d4c0a3c1f6703f69f0e3194142b6c93d941a85d2d721e53a2c1c2e1c59665ccd8fbb803419388d1908e8684
SSDEEP: 384:Yi56N+inFXIvK0NgMzIR9tFhnvOTSMnZdqEoyZZd5hJUvCUvcmS/lggNbQRq55en:8X+K8xwvWSpmZ5emKAbJ55hz0h
Score: 10/10

Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext
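The signatures above are each derived from a different kind of behavioural event: a registry read for the geofence check, a registry write for persistence, file reads for wallet access, an API call for the thread-context manipulation, and, for the dropped EXE, a correlation between a file write and a later process creation. The script below is an added example, not part of the sandbox report and not any sandbox vendor's rule set, showing how those events map onto these signature names. The event lines are constructed (pid|event type|target), and the registry paths, wallet-file names and API names in RULES are common indicators for each behaviour, not values taken from this report.

```python
"""Map sandbox behavioural events to the signature categories in the report.

Added example, not part of the sandbox report and not any sandbox vendor's
rule set. The event lines below are constructed (pid|event type|target);
the registry paths, wallet-file names and API names in RULES are common
indicators for each behaviour, not values taken from the report.
"""
import re
from collections import defaultdict

# (signature name, event type it applies to, pattern over the event target)
RULES = [
    # GetUserGeoID-style country lookup: reads the Geo\Nation value.
    ("Checks computer location settings", "RegQueryValue",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    # Persistence: a value written under a CurrentVersion\Run key.
    ("Adds Run key to start application", "RegSetValue",
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    # Wallet theft: reads of well-known wallet files or wallet app folders.
    ("Accesses cryptocurrency files/wallets", "FileRead",
     re.compile(r"wallet\.dat$|\\Electrum\\|\\Exodus\\|\\Ethereum\\keystore", re.I)),
    # Process hollowing / injection: rewriting another thread's context.
    ("Suspicious use of SetThreadContext", "ApiCall",
     re.compile(r"^(Wow64)?SetThreadContext$|^NtSetContextThread$", re.I)),
]

# Constructed events, not from the report: one process drops and runs a PE,
# a second one injects, persists and reads a wallet.
SAMPLE_EVENTS = [
    r"1234|FileWrite|C:\Users\user\AppData\Local\Temp\payload.exe",
    r"1234|RegQueryValue|HKCU\Control Panel\International\Geo\Nation",
    r"1234|ProcessCreate|C:\Windows\System32\cmd.exe",
    r"1234|ProcessCreate|C:\Users\user\AppData\Local\Temp\payload.exe",
    r"5678|ApiCall|SetThreadContext",
    r"5678|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"5678|FileRead|C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet",
]


def parse_event(line: str):
    """Split 'pid|type|target'; the target may contain '|', so split at most twice."""
    pid, kind, target = line.split("|", 2)
    return int(pid), kind, target


def tag_events(lines) -> dict:
    """Return {signature name: [matching targets]} for an event stream.

    'Executes dropped EXE' needs correlation rather than a single pattern:
    a ProcessCreate counts only if the sample wrote that path earlier.
    """
    hits = defaultdict(list)
    written = set()  # lower-cased paths the sample has written so far
    for line in lines:
        line = line.strip()
        if not line:
            continue
        _pid, kind, target = parse_event(line)
        if kind == "FileWrite":
            written.add(target.lower())
        elif kind == "ProcessCreate" and target.lower() in written:
            hits["Executes dropped EXE"].append(target)
        for name, event_type, pattern in RULES:
            if kind == event_type and pattern.search(target):
                hits[name].append(target)
    return dict(hits)


if __name__ == "__main__":
    for name, targets in tag_events(SAMPLE_EVENTS).items():
        print(f"{name}:")
        for t in targets:
            print(f"  {t}")
```

The cmd.exe launch in the constructed stream is deliberately not tagged: a process start alone is not evidence of a dropped executable, only one whose image path the sample itself wrote. Real sandbox traces carry many more event types and fields, so the parser would need adapting, but the per-signature logic stays the same.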