General
Target: MeeTalk(1).zip
Size: 185.1MB
Sample: 230329-jkcb3agh9v
MD5: f8af499442d8ca1daa1b282830256c9a
SHA1: 05d343ab75efef4b80896a4651d8e9abaabe1317
SHA256: de1cdfd7cd6e9fe54f7a8bb7636b9041f180b707cc9e05797181a1c0f46907e6
SHA512: 1d94a7100ae6604f3b33971e3818d44c10184c4f3e2c263de504525c2228fee1b724f3c2ffb0b06ea86b2bae72974151b85a441edf80c2dc8c912af2fea623e8
SSDEEP: 3145728:GpbEjiZoO0SCWk6fKG1zJLbVrjGGp2JkKIOI+JHNAP2Wc9xifH7Y8k675ZjxgJ9X:GkFO0DWk6fKG11VC6GIOT8P21xifbO6I
Static task: static1
Behavioral task: behavioral1
Sample: MeeTalk.msi
Resource: win7-20230220-en
Malware Config
Targets
Target: MeeTalk.msi
Size: 186.6MB
MD5: 72f5d7578038f91c96340d31858cb124
SHA1: dd0064c57d83a54e84d12569e0710676cd4deaba
SHA256: d614d576366b76b3543346c2be3078f30938c5869b94c05030322af1e493aecb
SHA512: 43dc33f04f2c1e320089634d9ee3598bfa20f3e1dfb957249860a111bf1cf03923c481360c311e115a069fb4a11d64f8eb86584d179f805e72280fd4b545ddbb
SSDEEP: 3145728:ohkbCHNOivX2+oL7FFsrGxk50YWn1/X7JrVE0ubQYCcOxk8r5C+03i9VfJHCJpcp:oTJX2hL7FFsrGxSEVq0rba8r8PiBHYcp
Detect Blackmoon payload
Gh0st RAT payload
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.