General
Target: doenerium_KMPSk7MH.exe
Size: 69.1MB
Sample: 230502-vb3cnsbg32
MD5: 3cec030e96bb45d496e5b735756509ba
SHA1: 0a55c579db3b33a685c44920d0638ed19b2cca7a
SHA256: 64c00089a15dd04663e4c517dad7c6fd4f673da72b3bdbae30f5a745508dd83f
SHA512: 3aa43b612d9de649d691c1d9a7c94c986be8b9590f9e43f457718adf8af1580c74c32180ac9941fa98ed44d18c6d039b9092441bdf58accb5e3a02b3e343b84b
SSDEEP: 1572864:bjddGv8AV4JBthhAQaRAVvhHUzqkbeIq6o3LuEjMPCym0Lt7:fGv8G4HzmQ++Z8qkbeIqz3LuvLt7
Static task: static1
Behavioral task: behavioral1
Sample: doenerium_KMPSk7MH.exe
Resource: win7-20230220-en
Malware Config
Targets
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-