General
-
Target
Versa.wtf_robloxtxt.scr
-
Size
58KB
-
Sample
240125-t63q9abfgl
-
MD5
0b994f6931e0ae689adc17b8a6650629
-
SHA1
3ff8e1de8d839a71331fb1d2e6afa0ed29eea609
-
SHA256
e357135bee468ba798b556dec8ceba0d38db2eaff80055ab6650e7c03c16805c
-
SHA512
c89e84348a74d2886545e9ca6ffc451a4f2a5134f3e874b2eb9e78f1f2acefb2dec85cbf41bdbf3630d798a6cebf9aa69ad1b46b7ccf747e24462df3205fde4f
-
SSDEEP
384:Mi38dDnaxg679BwKCcbeuiyOgW+vvRiBDeoww4glQhgLU07kRI0VxdahYMMmncdb:/s9naW+95CcbKv5qvkBDxLc
Static task
static1
Malware Config
Targets
-
Target
Versa.wtf_robloxtxt.scr
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-