General
-
Target
Crespo_Loader.exe
-
Size
1.3MB
-
Sample
230324-2jwcnabh8w
-
MD5
1564a6c09efd13e7d9276ea68657a7a2
-
SHA1
89afd7e12daec09e498cdce31c42af7d3b644833
-
SHA256
2e8bdeba54ea809da1b6be4a1d1154067cd3b996165952042924da2930896dcd
-
SHA512
6c21ecdb7fb3d16daa00015bdf4f7afbefd1d1f472a16dc60095ee5b396b6c2c4dc0b31ade9214ea0a7f497360bc8100cd28f8e1d887aad783c8fec84249c761
-
SSDEEP
24576:VVgSy3IRUovmtgOzAz/PTP8DdCJ1Jz1b1Ga4Xr6w9KH3eyHl/pvW5HNtoKSkLzUU:VVymUkKo/IDdMz11WrgJ/I1NtpL
Malware Config
Targets
-
-
Target
Crespo_Loader.exe
-
Size
1.3MB
-
MD5
1564a6c09efd13e7d9276ea68657a7a2
-
SHA1
89afd7e12daec09e498cdce31c42af7d3b644833
-
SHA256
2e8bdeba54ea809da1b6be4a1d1154067cd3b996165952042924da2930896dcd
-
SHA512
6c21ecdb7fb3d16daa00015bdf4f7afbefd1d1f472a16dc60095ee5b396b6c2c4dc0b31ade9214ea0a7f497360bc8100cd28f8e1d887aad783c8fec84249c761
-
SSDEEP
24576:VVgSy3IRUovmtgOzAz/PTP8DdCJ1Jz1b1Ga4Xr6w9KH3eyHl/pvW5HNtoKSkLzUU:VVymUkKo/IDdMz11WrgJ/I1NtpL
Score8/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Legitimate hosting services abused for malware hosting/C2
-