General
Target: Carter.Hale.pst
Size: 2.2MB
Sample: 230704-hn9ajabd59
MD5: b1228eb2c06475db5a94b831fc457d59
SHA1: 55780712be0cf8561bae22385f9365e65dc92f19
SHA256: 1f458d5fa699a98f11fb0d6d0f40b79886433ac7c8bcba44855fa5bd9db5c682
SHA512: 959c0fb58842245b92da08d843747a25af86174efe34f5bfbafa611a19f8698cff912d13156a49998417db6c67a67d6441323ab381a1dee198366aef94453a43
SSDEEP: 6144:7gOu+uFWOHmB237llbKxxxbxxNxjxxxCxxxxxxbkx8x7xxxxxxxbZxsxMCxxxxxS:HhA0bjU1aFKcoysEdgbtQScFS1TJ
Static task: static1
Behavioral task: behavioral1
Sample: Carter.Hale.pst
Resource: win10v2004-20230703-en
Malware Config
Targets
Score: 7/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry: System information is often read in order to detect sandboxing environments.