General
- Target: trainerv_LbkGolm7.exe
- Size: 4.4MB
- Sample: 230406-wfe9daec24
- MD5: b0d315aec673586bdd8df809d85d39d8
- SHA1: 3265a10ef073cc1cd822c660481d213efbc11be5
- SHA256: 6f45d7e90e66228095d980654e81b524ab8ff1401eeb1f5bda0fd10b4f05b1be
- SHA512: bb9de0a39922e74c2956e45798d816891a19a3d638bbb414ddb22d9ff2bd099a735df7a7129c298cf749be1045a15e5613fcc636ca9661ee8b6a13e61a66099b
- SSDEEP: 98304:8Q4mWqUpwcEzrTP30I3GuGTCXN7AHNSQ9cf1pp9b2zN2i1ZewTXcq:ZRUmcorToBT44JMTnbIJZeqXcq

Static task
- static1

Malware Config
Extracted: gcleaner
- 85.31.45.39
- 85.31.45.250
- 85.31.45.251
- 85.31.45.88
Targets
- Target: trainerv_LbkGolm7.exe
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory