General
-
Target
KerbalSpaceProgram Turkce Yama Kurulumu.exe
-
Size
67.1MB
-
Sample
231115-ahw41sha37
-
MD5
93530a9714f6b721ba45fbf82fb36c4e
-
SHA1
7fa1dc079004c8acd6d3a2c53ac9fba4dbfb11d5
-
SHA256
4f1c64f9a718df8014428ebfa1222183700c91b1c7f3a431f66bbcbb357a8574
-
SHA512
011e81762215bea51bb6b4295d3a8a36bde93c8cc845bab66b3ce7e475eadc19d0de164b0289e0e5c17454cb4a7bb0884a07aa4252d1322679be36a11ef2f234
-
SSDEEP
1572864:eGlqhpZDckekSjofjyjsUSnSTt2mjN6LIFTtAmriZn0:ZlqzpakSjobmsUQC0mjN6Qbs0
Static task
static1
Behavioral task
behavioral1
Sample
KerbalSpaceProgram Turkce Yama Kurulumu.exe
Resource
win7-20231020-en
Malware Config
Targets
-
-
Target
KerbalSpaceProgram Turkce Yama Kurulumu.exe
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-