General
-
Target
Wraith Unlocker.exe
-
Size
68.4MB
-
Sample
230503-se7epafa92
-
MD5
74f3e0281968249a5a75ae0acbd2a913
-
SHA1
d5467380a6fce236cd3abb189e7a14faced79574
-
SHA256
478247cfd416f1e58ec8c280b8e23fdb4f9c40df6f52dda719485e523f1c1b77
-
SHA512
f69dd8f332f48f1523bdd049e52a797282bb6fecbc085002c45788725e82344b47a1696d5a5269488192aa05bdb8e111d9eba3957a01b6d5cd8a143c129e6f9d
-
SSDEEP
1572864:yjddGvf2GeQuknJBFwRm7bjH5hybSMhQwk/368l:uGvf2vdEHqmnjHz0taXl
Static task
static1
Behavioral task
behavioral1
Sample
Wraith Unlocker.exe
Resource
win7-20230220-en
Malware Config
Targets
-
Target
Wraith Unlocker.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-