General
-
Target
krnl_beta.exe
-
Size
1.8MB
-
Sample
230422-g974xsfa7v
-
MD5
3701dc535fb395d6a1fb557a3aeec5e9
-
SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35
-
SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537
-
SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2
-
SSDEEP
49152:+P1uB0SVp4+KSxyrRUzS65+x+rnxYr9PC:+Pk0ST4+RgRUzS65+x1ZPC
Static task
static1
Behavioral task
behavioral1
Sample
krnl_beta.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
krnl_beta.exe
-
Size
1.8MB
-
MD5
3701dc535fb395d6a1fb557a3aeec5e9
-
SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35
-
SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537
-
SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2
-
SSDEEP
49152:+P1uB0SVp4+KSxyrRUzS65+x+rnxYr9PC:+Pk0ST4+RgRUzS65+x1ZPC
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-