General
- Target: 00031-00068.cap
- Size: 3.2MB
- Sample: 230329-fl23bsgd7x
- MD5: 5b90d9bfcf283f41398d639014b2a276
- SHA1: 83be72ca78162b7e9438c956827354147089f2a6
- SHA256: 29e73739d0fadc537e56f8657c4b30ee9d1b3966b5ddaac12afb4b18a7acbd87
- SHA512: c1a2b0f9a400ddccee5e3529ad77b2f643d29a1eeae076c95ef78488a3bbd2158a74221b4a001f57b04ca2abf2394ff182f71a0836afc12825cd8212c9d61c2f
- SSDEEP: 98304:jPN4gfTSEzxvTv284GyoBViMY9J13y1qV50:bT9xrO8Tji/1iYA

Behavioral task
- behavioral1
- Sample: Device/HarddiskVolume5/Program Files/Tally.ERP9/capsules/00031-00068.exe
- Resource: win7-20230220-en

Malware Config

Targets
- Target: Device/HarddiskVolume5/Program Files/Tally.ERP9/capsules/00031-00068.cap
- Size: 3.6MB
- MD5: 73e86a2310340e627199d9f5748dabbe
- SHA1: d1a85f5b52f5dce7e2dcb14bf18f70ca9674adaa
- SHA256: a166a85213b4ba76d2e76a4ad31ce9603d86df64e86db6eaf716dfabbf8d4a1b
- SHA512: a6cf64fb80e4b9f5ee8f5f296673c3fa829fefdd692fe1a7ed01a0334998d49f52ca142f8088b63889b0d29b0fbbcb5bbff47adf2778c09ea99156dc4ff61238
- SSDEEP: 98304:XtfzmCctEWybcSJSLABLMT3bqS88xQFIiyh3Azye0A:Xt7n2pNSHdrgiDzH0A
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger