General
-
Target
426937c153dd506951c7f40a94094c48.bin
-
Size
812KB
-
Sample
230606-bk1ewsca51
-
MD5
61ad3176600461222dbecba8cfd0e061
-
SHA1
17bf6ab1d6ab400c5fe8898073825cf470009988
-
SHA256
480480bd127a8adc1be044d8db59da08a8dee51a455a77b0b473c17b2c3fcf64
-
SHA512
ff54584d2b9eecec4333d5d559a260559265004f921cac284239e9d07de23caefa46786f0a37798661edb8c1e1e259dccbd0fafc4e9382f8714cb7d5bf12ecf5
-
SSDEEP
24576:95nN+ZIn7SENcrO9yIYJGOHXjHgswqWEszc:zNss7SEG+yIYJGIXjNWEszc
Static task
static1
Behavioral task
behavioral1
Sample
2f5e7c5c9f1f697bfeb2341ce42743172950f1edacf9ca503328364354bca3b3.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2f5e7c5c9f1f697bfeb2341ce42743172950f1edacf9ca503328364354bca3b3.exe
Resource
win10v2004-20230221-en
Malware Config
Targets
-
-
Target
2f5e7c5c9f1f697bfeb2341ce42743172950f1edacf9ca503328364354bca3b3.exe
-
Size
863KB
-
MD5
426937c153dd506951c7f40a94094c48
-
SHA1
fb1e60c760f716e3058e3187d701899ba136d6a2
-
SHA256
2f5e7c5c9f1f697bfeb2341ce42743172950f1edacf9ca503328364354bca3b3
-
SHA512
4404e37eced0a0bfa8255e6549d0b9212cd7fd3be87b012879bbf9898b7ffa36d28c27525f4d2b9edc64100ab29e302afe4bbd2594f3810ad4e1701b13405103
-
SSDEEP
24576:Zjy6Akw+amJpYfdwzcfeJs9ReYWCW8kCt9g7:w6Akwhm0fdXO/D8j
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-