General
-
Target
7.msi
-
Size
2.7MB
-
Sample
230424-qmfktsca52
-
MD5
12bb817d6871b18a6a6f45dfab968228
-
SHA1
09bf3e3f6585616a5ff44b0845e722f5058568f0
-
SHA256
a90216086aaf026e99d712721f36f62657f747ebdbc40094cd714d595d920d19
-
SHA512
9c7283900d67bb5d7a2565ab1b4bbdfe2288fc220af724d38a5b851bce3ef31e347bfe5e28ad6f17b2753a0849e10f2ab5c42557f38861a525356ebb915b439f
-
SSDEEP
49152:j6qOOTLCTFQq5iNZ4DS5WPvwaqh/nREYVoB5JSHawNx:LrTLmJpc/nREYKd
Malware Config
Targets
-
-
Target
7.msi
-
Size
2.7MB
-
MD5
12bb817d6871b18a6a6f45dfab968228
-
SHA1
09bf3e3f6585616a5ff44b0845e722f5058568f0
-
SHA256
a90216086aaf026e99d712721f36f62657f747ebdbc40094cd714d595d920d19
-
SHA512
9c7283900d67bb5d7a2565ab1b4bbdfe2288fc220af724d38a5b851bce3ef31e347bfe5e28ad6f17b2753a0849e10f2ab5c42557f38861a525356ebb915b439f
-
SSDEEP
49152:j6qOOTLCTFQq5iNZ4DS5WPvwaqh/nREYVoB5JSHawNx:LrTLmJpc/nREYKd
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-