General
-
Target
moshimoshi.zip
-
Size
86.0MB
-
Sample
230425-dhm3wshh5z
-
MD5
7e64c9d7d6a6e38582022489322c7e39
-
SHA1
e2ddf8143116771bba51c1765741bfaa27d42b6c
-
SHA256
f063d2228e39efe2f6f5f659c9c69ec683b6d278c37fc9b47a00857903f24839
-
SHA512
b29312d4cb929f4f32cf94ca31b56ce5f5e30240cc79f8535c0d280f751390abeb79742516b8c5e0496894f0a1ef29273b7cc4bf8160a3dcb491efb1549ed2cb
-
SSDEEP
1572864:ljXyVcUnUd+9qC2G+Mt8tf7z1Xq8zn4VDHQ54/kVB15X7HY34VHPJUvT6MteU:JGs+97jGE8MVDIGgBjrwevOTp0U
Behavioral task
behavioral1
Sample
bot.exe
Resource
win10-20230220-en
Malware Config
Targets
-
-
Target
bot.exe
-
Size
22.2MB
-
MD5
909e6c2fdfe7799b4a246fd963dac1fc
-
SHA1
41163f2fb8034fb29134a9ed6437cb247092f2b5
-
SHA256
e3f1e550febb6d17b8b1323f3b3a127d9a5f8c2354ea808640c94fd86bc7eea7
-
SHA512
906c8f7dc2653ba41a823c357f5a3c06c58aa26de35e7dfcaa2072abca4aa597351fa672d34d7a3a2b0406207e861e3b67d068d719499144fb065ad6b17e4129
-
SSDEEP
393216:gUJ1obI/fL2VmvUUJe5d9l/oocuk00fvDGiF+NQmqwGtCDB86mdclLrP6VBkHpN6:PJ1h/fyVmvUUJad7cw0XDJ+OmqfaB8+
Score
7/10
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Target
config.exe
-
Size
63.9MB
-
MD5
5908e3e43cd13a7817ebc00e84726011
-
SHA1
2bb84721c2a5599bf0d10f1478abff751ed63287
-
SHA256
fee404652393a455c84216d7c761c369b4a560401d4016911d247dcd78b2a81b
-
SHA512
fafb2e54bf38c43fb5cdea0ddd8b1e6ad58ac72b8c53ae2f62ad3cf2dd8f89d37741348098ff648230968e741e3f33bbc04da6649e52edb25a9e8f1cd526f2d4
-
SSDEEP
1572864:WjddrbW1laQ3/mx+LeHP79ZN7ER0H93h2XXo4oI:KfWWQ3K2wPJr6O5CXF7
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-