General
- Target: 5c5f08e4c9eb98319cb6e6987952b461d53ba39c8c5f65e71e1ad158a73d3cfa
- Size: 709KB
- Sample: 230504-mz4awabg79
- MD5: f7dd21d911a69d374ed61cf4dfa05543
- SHA1: 2bb841a26eae0743cdb7f422d03b0dc687139c43
- SHA256: 5c5f08e4c9eb98319cb6e6987952b461d53ba39c8c5f65e71e1ad158a73d3cfa
- SHA512: c3028f6a2b60a300776ecb3576fa451acfc0ca88cfcb54f362f573d079ee65908f42c05d0c5b85e7158eedb88b46c93143fe5d8fe4bac9fc2b394f3efc8cc7f8
- SSDEEP: 12288:PMrHy90VVCrP2n3TdxcGYX1QVshtTsClNA4GN9uuVttMFmIeA:MyMgPu3Tz6X1QXCl/AzEeA
Static task: static1
Malware Config
Targets
- Target: 5c5f08e4c9eb98319cb6e6987952b461d53ba39c8c5f65e71e1ad158a73d3cfa
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext