General
- Target: a1bcb4ceb586cd9dc78323ce2888080ea88a58708a3a95e546bff46d74fc13c8.bin.sample.gz
- Size: 120KB
- Sample: 231006-v5r4ssgg74
- MD5: f7df8cc077ecf7fbe22cb1df4119d82b
- SHA1: a465cfedfd9b3774b6368f05311381a72e2eb52d
- SHA256: 038948014b1f44e75647fbd057c38ab560b5d72a44888802d4f1a9a6e1af8ecd
- SHA512: 14b636f7b5c74483381008739dc0df8cdf8beaad6bae23570e9ebfc6e74f10c44c3c114a0ab819b201444faf66d005bc056cd83b3c716258ac7020390465f2b2
- SSDEEP: 3072:r0VfS6G7UtaQ0ELVsskMdtd2VnTN2sbbwqCFN:Isstj0IdPdtd2Vx2sbdMN
Static task: static1
Behavioral task: behavioral1
Sample: sample.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: sample.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted:
F:\LAMBDA_README.txt
http://nn5ua7gc7jkllpoztymtfcu64yjm7znlsriq3a6v5kw7l6jvirnczyyd.onion
Targets
- Target: sample
- Size: 241KB
- MD5: 6c292c92e703a155612fe50ea96161d1
- SHA1: e6ea7c6f564a2fbe15beaf3419dc334d536f250c
- SHA256: a1bcb4ceb586cd9dc78323ce2888080ea88a58708a3a95e546bff46d74fc13c8
- SHA512: ab1fb843188f0a5495fea9ccd66bfc13385b95d4ffd7bfc9486e6d29f1c7f3a9468f6b7dadad29f94204d9c9055e5111e7e8c23344c322b979ebd5809096566a
- SSDEEP: 6144:7vB3myi10AU3fb9wZ+4hCLSiqdJft5sJ:7vNq10AU3fb9wosC/J
Score: 10/10
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Modifies WinLogon
- Drops file in System32 directory
- Sets desktop wallpaper using registry