General

Target: Client-built.mp.exe
Size: 134.2MB
Sample: 230604-rw3mdscd82
MD5: 920e2d9b3c264d74b6b218b00d524992
SHA1: 041a918b287e3a6aec212fc3b65531c45754c513
SHA256: 57cf221cca5ad128785da77e5ac687bf7a2846f275d6921779859a382b82aacd
SHA512: 02b66dd554a51a852c00285a44046f9636f5ca1a926521c98593a6da8a89d823f39fca6fd7a7736dfe00a15c3e5f4909aadceb9abaf1d6989014c1a96d86f5ce
SSDEEP: 49152:+P1Fbcxw5dR/ZKG2S7VokmJrBpVURM1vdBzFNVmzp0Rg3Urr:+Pnbcxw5dR/IG2S7ViJVs+vHzFYig3s

Static task: static1

Behavioral task: behavioral1
  Sample: Client-built.mp.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: Client-built.mp.exe
  Resource: win10v2004-20230221-en

Malware Config
Targets

Target: Client-built.mp.exe
Score: 10/10

Checks computer location settings
  Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.