General
Target: 07122023_0119_KRR.zip
Size: 921KB
Sample: 231206-vvxarsfg4t
MD5: 95507e5f56813c9b527af89dd761ef1f
SHA1: 2c407a26790a493fcffbd4c24af9b5fdee836bbc
SHA256: 80cc47d4f2c01cd864da8d0a6616fd1ffef9b85c5efc94ad76364f83dbbad029
SHA512: adb2f7dae1aa509e1804e7fe0d576c1d749c9b415bfca47fc8c0dc4ea028555f8bb75c3f45208f28104bcf597e4b7bc4ee8bfa501b8c2e375331427965e6ba21
SSDEEP: 24576:XJ9Utl9SeKQfLNTaPEQ3Y+Aj8zBYZrnz7ec/WoZvgI/MIkMrWrS:XHUtjZDNTac6Y+AwmDvZr/MhMrWrS
Static task: static1
Behavioral task: behavioral1
Sample: Novzr.msi
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: Novzr.msi
Resource: win10v2004-20231127-en
Malware Config
Targets
Target: Novzr.msi
Size: 1.1MB
MD5: e2971d312ab219c4bf7f8fce51b20ee4
SHA1: 5ecc4fc2ad43d23fede25e7506c870c6a4fc83b3
SHA256: 45cc68c5a0c57024409b77d83834d2981a6374a6e439b64a91f2db037de94ff4
SHA512: 6a43c2bbee1f067e46c70f939c43ee5f10267b122dd0e12cc6613178e77aa627fd1f8878e9205ee18622fba3d8b2e5db085898b19bcd49e89785f929d9caba0e
SSDEEP: 24576:55RnUeiNpNjX2PsQ67IzRNYZcE++dQoDvgW/MI2crW6/:nLi3NjmbMmhUtDD/MdcrW6/
Score: 8/10
Dave packer
Detects executable using a packer named 'Dave' by the community, based on a string at the end.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Blocklisted process makes network request

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Suspicious use of SetThreadContext