General

Target:  MAIN.zip
Size:    16KB
Sample:  230607-yrrsnafh51
MD5:     c8c142b326e82024d47f27a380c7fcca
SHA1:    5e5c2b58c806ffbc532f586bd685c99898c781a7
SHA256:  9d6b00b1a8511d17476772ed9190d4321a112dd4807d98e865ff1d40e547b680
SHA512:  6e4dc9d6b1c61a1d4c9ad5e5e6afea2081d909b81d59885b7e4e225307afe1b84c5cfe3bc8cc409844cad6f5657c51bf0894c63139d4a7f397aa1b8094f5cd19
SSDEEP:  384:oqZdKkv53Y61705PloEwcpuqvp0d/D3zGcIaO/uK8cWDRVGB:P5blWuCmAOON8XVS

Static task: static1

Malware Config

Targets

Target:  run.bat
Size:    929B
MD5:     d29013903a60a5b84a29cf152241535e
SHA1:    7f7d46052e60087b6036928e4f0d1721804a5b35
SHA256:  04e6b196ae19807ee0dab6f3441a7a66ea8f6b28012bbb30acf276b10d2b14ae
SHA512:  69f7a82d81afd714d456c0c7cb34b5ccb0a775d0d8eaddad8cb2bff22f6a4e83e2a7d5809a24b43c6affb2d85ce3e6f0dc521c5191d6fb8a953772d122fe9ab1

Signatures (run.bat):
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2