General
-
Target
WindowsInstallerDirPatchCleaner_1.4.2.0.exe
-
Size
1.3MB
-
Sample
230615-sd1whsaa71
-
MD5
70d0bd7633d10c492839272c97b2544e
-
SHA1
4da0e8c2fe1f06b13985d700fe15686a1015c3bb
-
SHA256
6472de894c5cb6050fd80cdd893b8772aef71f8bdb5c65a0175cf7cbb90e6ec6
-
SHA512
99d43ed2060eb6371a54f73af407fe4cc7644a93e5f856419ad0cb8769b2664139cb9097ff4be4b8dbb93f2c5da4fc90bc48eeac6fe0b3df5f8bc12428b5b5b2
-
SSDEEP
24576:91OYdaPtyx5f3bpaOZpBr8Mok3CwAvCJYNsO7z7YHgEzmvDjvANu29N:91Os1gOpBrRokSwAqJY73Sz2Qv
Malware Config
Targets
-
-
Target
WindowsInstallerDirPatchCleaner_1.4.2.0.exe
-
Size
1.3MB
-
MD5
70d0bd7633d10c492839272c97b2544e
-
SHA1
4da0e8c2fe1f06b13985d700fe15686a1015c3bb
-
SHA256
6472de894c5cb6050fd80cdd893b8772aef71f8bdb5c65a0175cf7cbb90e6ec6
-
SHA512
99d43ed2060eb6371a54f73af407fe4cc7644a93e5f856419ad0cb8769b2664139cb9097ff4be4b8dbb93f2c5da4fc90bc48eeac6fe0b3df5f8bc12428b5b5b2
-
SSDEEP
24576:91OYdaPtyx5f3bpaOZpBr8Mok3CwAvCJYNsO7z7YHgEzmvDjvANu29N:91Os1gOpBrRokSwAqJY73Sz2Qv
Score8/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-