General
-
Target
SA38PICTURE3.png
-
Size
31KB
-
Sample
230331-z2p79aeg7x
-
MD5
e3835e82535406bb958d051ede30d09c
-
SHA1
0818b3934c77d822c51fbe673c8862cffc7ba211
-
SHA256
2e34c434a2d07047c5889ba60be04ff2090f3c9c243a8b74325bcddd9baa66be
-
SHA512
329138a41d7d7309a352ef8d53c5657b4c6026463bf37ec170da6e31a8bc40f75aefa653225ac00042f6f43faaa16b9ac69f1cd26805b3903689caa4bec677dd
-
SSDEEP
768:UhCV8DgorUdDEQdHQJaDMfF26EHDJ0wCP0aS91t5qaTL3:Uhk5oOZ5maQvM0tc/9j5jL3
Malware Config
Targets
-
-
Target
SA38PICTURE3.png
-
Size
31KB
-
MD5
e3835e82535406bb958d051ede30d09c
-
SHA1
0818b3934c77d822c51fbe673c8862cffc7ba211
-
SHA256
2e34c434a2d07047c5889ba60be04ff2090f3c9c243a8b74325bcddd9baa66be
-
SHA512
329138a41d7d7309a352ef8d53c5657b4c6026463bf37ec170da6e31a8bc40f75aefa653225ac00042f6f43faaa16b9ac69f1cd26805b3903689caa4bec677dd
-
SSDEEP
768:UhCV8DgorUdDEQdHQJaDMfF26EHDJ0wCP0aS91t5qaTL3:Uhk5oOZ5maQvM0tc/9j5jL3
Score8/10-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-