General
- Target: Launcher.msi
- Size: 52MB
- Sample: 230324-jq2h5sfb3v
- MD5: 65ed3b7656f31d39bcda8a8f26fdd9fe
- SHA1: a8ba1a11ff4d38e0a52aef4347b42ead3144c581
- SHA256: 747a91ca1d2200682df05e8a409f01c13e29ff2bada1b0e3e7522d2ea0e1cb73
- SHA512: a248f3ff4b36212778812180c5d23bb8dbe5c0b64eb8532831f15201f85e4f48fcdd092fad2ce44a566a3ef1fb758a50c4d990eb0a96bfda9ab19c2833982314
- SSDEEP: 1572864:jH9fUW2eQO042KbSJ9zoNuxVBZ4fi2UXeQTp0:2pdgS7UNu/gUXnTC
Static task: static1
Behavioral task: behavioral1
- Sample: Launcher.msi
- Resource: win7-20230220-en
Malware Config
Targets
- Target: Launcher.msi
- Size: 52MB
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext