General
-
Target
Salad-1.1.0.exe
-
Size
1237.1MB
-
Sample
230401-b9qa8age4x
-
MD5
38ec0f0262291407df2c9e84d0f12a89
-
SHA1
7970e5e1fe403bb6502899d52984fe48c348204c
-
SHA256
91f6a5d5bc61691cdcecfd8b57f079f2168c8700724ddc0e4582ccbdcd3ca987
-
SHA512
fb7754650372effbfe910c7d669e32043b0caf6d4253bdb29e1b5c9058319759da916bb7fefd22625a2d1cb8767b220cee764c91962581a75437c091aad68ed9
-
SSDEEP
25165824:l5jOBdFhrm0sBFrzn5ka1cqgw7raFWhtZJULNDF5eJP1:3j1T1nGa7raFqtZJEBer
Static task
static1
Malware Config
Targets
-
Async RAT payload
-
Detects Phoenix Miner Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-