General
-
Target
PJLLN.zip
-
Size
921KB
-
Sample
231206-wyjphsbe57
-
MD5
7d3b237f26a70e0a01cd993fb61c4491
-
SHA1
e7989d65da4f38ff724d964f9231f2393d6d5dd8
-
SHA256
eb3fdf292c851d8561fa387262891dc5f5eb87dd442471d02fecbb0a19e8e63d
-
SHA512
4be2617689b5fc812726a5ee8418df5ba87d34d9828389f2b9ba35ea9ad4bf9cbd1845a66613a1d6e1d8a480d7068b977a4c503e8c0dfbd41e453633e01201ec
-
SSDEEP
24576:ZZSeKQfLNT58IvVkozKYZCnVAervooPvgw/MIWirW8o:Z5ZDNT58IvhLaFPH/MjirWz
Malware Config
Targets
-
-
Target
PJLLN.zip
-
Size
921KB
-
MD5
7d3b237f26a70e0a01cd993fb61c4491
-
SHA1
e7989d65da4f38ff724d964f9231f2393d6d5dd8
-
SHA256
eb3fdf292c851d8561fa387262891dc5f5eb87dd442471d02fecbb0a19e8e63d
-
SHA512
4be2617689b5fc812726a5ee8418df5ba87d34d9828389f2b9ba35ea9ad4bf9cbd1845a66613a1d6e1d8a480d7068b977a4c503e8c0dfbd41e453633e01201ec
-
SSDEEP
24576:ZZSeKQfLNT58IvVkozKYZCnVAervooPvgw/MIWirW8o:Z5ZDNT58IvhLaFPH/MjirWz
Score1/10 -
-
-
Target
Nqc.msi
-
Size
1.1MB
-
MD5
7e3194c9e3db1520b5fb0e18089ca29e
-
SHA1
dbf1fb16d03a22feaf8a3755fe5cee34f9b79dc1
-
SHA256
4de346aa0313aa1cfdf6865f4baf3efce36d9ee5170bacf863fab5fa14ae007d
-
SHA512
a377463c59bbfed38a17cffcdab52502286d425db784131bbec12b164561c268e117362e6fdeca28c58037df0d3e17bc7e43ad98b6b55a2a0e948d9be7c76cfd
-
SSDEEP
24576:O5qnUeiNpNjd2PsQ67IzRNYZcE++dQoDvgW/MI2crW6G:gqi3NjgbMmhUtDD/MdcrW6G
Score8/10-
Dave packer
Detects executable using a packer named 'Dave' by the community, based on a string at the end.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-