General
-
Target
ShadowPCSetup.exe
-
Size
136.7MB
-
Sample
230419-wn6rased5v
-
MD5
517d4beab5e024d3185856fba57c249f
-
SHA1
981c4ed091625a1eaa363af1a0b4ae9e8776f0b8
-
SHA256
d7fa9690c31531fec7ccaddcaa04a2761cb85f1aa3898badce682353ca4e1734
-
SHA512
4e5eddb4285e9588a37f4836cb50418737708aa3397ab981b40ab6ad7226add11e3404b5c76e88c3515cc52458c07e799838935112071725ec1431f87418a868
-
SSDEEP
3145728:2K9eORX6sUqCLpA6E6we6XI7PxZRG+q6HcjY/oWNWOVlVSceWu4O5HL0i:p97XZIiH6hSGxDG+bHcIrNWOlo4OtL0i
Malware Config
Targets
-
-
Target
ShadowPCSetup.exe
-
Size
136.7MB
-
MD5
517d4beab5e024d3185856fba57c249f
-
SHA1
981c4ed091625a1eaa363af1a0b4ae9e8776f0b8
-
SHA256
d7fa9690c31531fec7ccaddcaa04a2761cb85f1aa3898badce682353ca4e1734
-
SHA512
4e5eddb4285e9588a37f4836cb50418737708aa3397ab981b40ab6ad7226add11e3404b5c76e88c3515cc52458c07e799838935112071725ec1431f87418a868
-
SSDEEP
3145728:2K9eORX6sUqCLpA6E6we6XI7PxZRG+q6HcjY/oWNWOVlVSceWu4O5HL0i:p97XZIiH6hSGxDG+bHcIrNWOlo4OtL0i
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-