General
-
Target
winrar-x64-621es.exe
-
Size
3.5MB
-
Sample
230331-vtrc5aca23
-
MD5
db5aea690500b898cb30e1b149e3bcb2
-
SHA1
2de5f136a7b94124e2b15a9c9185637bea503da4
-
SHA256
89b5ec3e64b8c276195a14e762439b78594a267082e6875f70c873ef6836be88
-
SHA512
627e0cb9da2839abfadecddda1ed10c52a2b56140a338750549d8163d0f7596b2bae8f83336c05446f20333d593179f81efc6ac18a31699aa85e898381d14122
-
SSDEEP
98304:QXBOBfKPMXjTKf8zCgs1aArGgaZ+0Vkvis1:QX/PwifXaArMFois1
Malware Config
Targets
-
-
Target
winrar-x64-621es.exe
-
Size
3.5MB
-
MD5
db5aea690500b898cb30e1b149e3bcb2
-
SHA1
2de5f136a7b94124e2b15a9c9185637bea503da4
-
SHA256
89b5ec3e64b8c276195a14e762439b78594a267082e6875f70c873ef6836be88
-
SHA512
627e0cb9da2839abfadecddda1ed10c52a2b56140a338750549d8163d0f7596b2bae8f83336c05446f20333d593179f81efc6ac18a31699aa85e898381d14122
-
SSDEEP
98304:QXBOBfKPMXjTKf8zCgs1aArGgaZ+0Vkvis1:QX/PwifXaArMFois1
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-