General
- Target: b30d0a4d141676b9f710333bca0523d5167cda1381c288aaf0b14f4f0afb6700
- Size: 1.4MB
- Sample: 230404-w5s7jabb4w
- MD5: fa82f3a118b758e6253a9082624a2367
- SHA1: 5615c1ae97da5274844eec984d1801b59a2475bd
- SHA256: b30d0a4d141676b9f710333bca0523d5167cda1381c288aaf0b14f4f0afb6700
- SHA512: 5f975a1993780cfff740f0e961cc9f6eb5fd132c9c93507088bc7dfde3eb395945686c5f707dd3918d054cfedbdec09e83ba57f92f117473c47321c5b2353e6c
- SSDEEP: 24576:84UpDMuCSO5T9iKvkK1dA97hfNpZZ06nlvmp78nLBXzPeu67:QplyTv1gpJk98nLBXz2x7
Behavioral task
- behavioral1
- Sample: b30d0a4d141676b9f710333bca0523d5167cda1381c288aaf0b14f4f0afb6700.exe
- Resource: win7-20230220-en

Malware Config
- Extracted: socelars
- URL: http://www.kvubgc.com/
Targets
- Target: b30d0a4d141676b9f710333bca0523d5167cda1381c288aaf0b14f4f0afb6700
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops Chrome extension
- Legitimate hosting services abused for malware hosting/C2
- Looks up geolocation information via web service: Uses a legitimate geolocation service to find the infected system's geolocation info.