General
-
Target
030bad2f855ca0f00316ddd0bd266bbb.exe
-
Size
96KB
-
Sample
240101-ytaxxshbcn
-
MD5
030bad2f855ca0f00316ddd0bd266bbb
-
SHA1
0576bf7d72f1e1e2e8e1ab60c3aa6e62d8b6f6e8
-
SHA256
b804b753be765e9449600bb7dd46f36cbaa2bc92e29fe62f4e4bde26a1a87ae3
-
SHA512
3343118d0daec3defcd823748fe3872666d3b14ddb99770f35bceaa6de18fdb94bcac267ad82beef7b9459181539390d4cdf1b97a8bb1601dc79eba09d2d1eba
-
SSDEEP
1536:ezDBda3hhnnFhrXzRGxfaBv7kqxgEEVa0:G9da3hhnFhrDu8vZue0
Static task
static1
Behavioral task
behavioral1
Sample
030bad2f855ca0f00316ddd0bd266bbb.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
030bad2f855ca0f00316ddd0bd266bbb.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
darkwarrior
Targets
-
-
Target
030bad2f855ca0f00316ddd0bd266bbb.exe
-
Size
96KB
-
MD5
030bad2f855ca0f00316ddd0bd266bbb
-
SHA1
0576bf7d72f1e1e2e8e1ab60c3aa6e62d8b6f6e8
-
SHA256
b804b753be765e9449600bb7dd46f36cbaa2bc92e29fe62f4e4bde26a1a87ae3
-
SHA512
3343118d0daec3defcd823748fe3872666d3b14ddb99770f35bceaa6de18fdb94bcac267ad82beef7b9459181539390d4cdf1b97a8bb1601dc79eba09d2d1eba
-
SSDEEP
1536:ezDBda3hhnnFhrXzRGxfaBv7kqxgEEVa0:G9da3hhnFhrDu8vZue0
Score10/10-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-