General
- Target: crazydownsetup.exe
- Size: 66.0MB
- Sample: 230703-ez4bwaef87
- MD5: 901bab70e5880e6a62010b39ff9d7f40
- SHA1: 06f0b26ee99d0e69b497455e50d6095e93bce986
- SHA256: 53fb66327411d80dc985b6434cea4da46016f33ac8f037f0845ba26000b9469d
- SHA512: 4b8a1f23fbd2c65db9f644c10f07c1a6c8e369d808d1e1d8e62037b5b5af7fb9aa725d717802f91b63bbf513ed4c49c5e2d0ac553944797cf1b18dfc2c0e244e
- SSDEEP: 1572864:jKTTF20hk/n8chTPO8vJ4n1vy0XTDrz3m8gH3JAlNoRF7:OXF20hcn8chHuv7TD/2HXQNoj7
Static task: static1
Behavioral task: behavioral1
- Sample: crazydownsetup.exe
- Resource: win10-20230621-en
Behavioral task: behavioral2
- Sample: crazydownsetup.exe
- Resource: win7-20230621-en
Malware Config
Targets
- Target: crazydownsetup.exe
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- An obfuscated cmd.exe command-line is typically used to evade detection.