General
Target: sample
Size: 13KB
Sample: 230325-nq27wsef5w
MD5: ca1f5082e55d8868c1eedebfc3f25afc
SHA1: 769dd024ff34604c9de4280e8d17432d57bb6e5b
SHA256: 2669dac649e31601e4d2410e4cbed5f8fb70ac6a9431856a79491ad865e86fad
SHA512: 44b72d79d57a4e98280a1d3db832aa160aa661241fc909048d5adc1c19d1fc3dc0dcbe080f86a6560dbc4d1590a1534a7009d93d5e01c73ee6e847d7bccaf86c
SSDEEP: 384:rbuu4oizeVoOsKsElKeGMdU8Hhhbqhf+U2mcb:rbviCVoOsKHI1MxBhbWf1o
Static task
static1
Malware Config
Targets
- Downloads MZ/PE file
- Modifies Installed Components in the registry
- Sets file execution options in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory