900a663fb206b74225e97e334c4a733ca870f29106f145044eeae77c08d0a44d

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
01-11-2023 17:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

installer.exe
Size

149KB
MD5

2091e5a265c44da1b0a5de5bc112a6dc
SHA1

02d5489c5bb1b169238ff5d79d5a09982d15caa3
SHA256

900a663fb206b74225e97e334c4a733ca870f29106f145044eeae77c08d0a44d
SHA512

77de1388ec943f3f6539b408a7133b4bc16b0b5c86acd5a22640ea9e1831aac71d806ff81e1c77024bbe7a8aecc4238f92d6cc1cfc56b943d31ec6643289c91a
SSDEEP

3072:hZoZc+265eMjxdbKRcIu5A6Jdx7Y6mGxq:hZoZ/+u5A6Jdx7Y6mmq

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Control Panel\International\Geo\Nation	installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings	installer.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1232	installer.exe

C:\Users\Admin\AppData\Local\Temp\installer.exe
"C:\Users\Admin\AppData\Local\Temp\installer.exe"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1232
- C:\Users\Admin\AppData\Roaming\Flarial\Flarial.Launcher.exe
  "C:\Users\Admin\AppData\Roaming\Flarial\Flarial.Launcher.exe"
  2⤵
  PID:408

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:60

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Flarial\Flarial.Launcher.exe

Filesize
180.8MB

MD5
c450047ac5f9d717c7db759145f1f0ac

SHA1
c26bddb08f8f37b83aa6b2ab44b4771ac7414074

SHA256
580f95efa28a290ddf084c6d3712c03a162a7f9f4c4a68b0d088e20458fa6a47

SHA512
10f8b14de401f6bc2f37ba84acb0da4882eed64b379f76fd6fd40d618ba5e99f902ec2949b4a125a769ecc2dacf7f5589ad2e9e528f5700c3d2da97b0cb53c57

Download Submit
C:\Users\Admin\AppData\Roaming\Flarial\latest.zip

Filesize
72.6MB

MD5
0339f9971c13bd73fdb7bb98f81d2370

SHA1
e1fff510aa5695f8765f15cb3e3e1d8bbe7924a5

SHA256
bb14f9a42f2943b3ba1d99184443561eb4d40e644c45dc35cb23d549be67b5d0

SHA512
1bcc6f38ed87ae11d13fb0056fe99bbf256439cf6711fa44bc68cc055c8bc90dd85a1db8af36ebeffca848848e9c0b8108d867b2123a5cdf6097af22a92ed6f4

Download Submit