General
-
Target
Dangerous tool setup.exe
-
Size
69.0MB
-
Sample
230502-b9lb9sbb9v
-
MD5
923cf5b4f9724e51f94bc104713e1b48
-
SHA1
16d5a2329c61adac925e42169fe4a39dc31d617f
-
SHA256
f7b781bd8c88df7ad14e3f976eeab7c2785cd2dcf133b2194ffbf02c165a6809
-
SHA512
1f327be0f468c1e1b0ee052ded24eda826e1d7432380e7f98027477bd9b3fd89cc6142c8dccbf2ae580d3d611c06c08196d65b384acb32a503c4353a16ea0e3f
-
SSDEEP
1572864:HjddGvDUySn2nJBLVu5JCwl0wo1ie3od5zky6o/k77:DGvDUyRnHRKMdl1j3odF4v77
Static task
static1
Behavioral task
behavioral1
Sample
Dangerous tool setup.exe
Resource
win7-20230220-en
Malware Config
Targets
-
Target
Dangerous tool setup.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-