General

Target: ZuluServer2021_x64_ru.msi
Size: 212.7MB
Sample: 240212-y6rffadc72
MD5: c4d1896ce7d1ac189043a3d77a132b69
SHA1: 199055124ef5e364d42069e4aae56f93ff5cab55
SHA256: ed676bd32b29b05d3f31ae4dcda6a5c4a9fab54f3f5d328b3f5fa80182a9cd0e
SHA512: 9db7fdf1c673e5cbb8f02e410c15928ca3a8b1ac07e9887e9154b7972259ea8e519199fa7a3f05fee54d27b96aa580440d9bba979c31bab15b22fd76b16e1c63
SSDEEP: 6291456:pNTMlW/Gj6p6abkU19CdRKGmUkiptV1rXAxn6fNy:pQ6p6aZ19oNm5I9rXZV
Static task: static1
Behavioral task: behavioral1 (sample ZuluServer2021_x64_ru.msi, resource win7-20231215-en)
Behavioral task: behavioral2 (sample ZuluServer2021_x64_ru.msi, resource win10v2004-20231215-en)
Malware Config
Targets

Target: ZuluServer2021_x64_ru.msi
Size: 212.7MB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to those listed under General above (same file).
Score: 7/10

- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Adds Run key to start application
- Blocklisted process makes network request
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Drops file in System32 directory
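The six signature hits above, re-implemented as plain rules over a behavioral event trace. This is an added example, not the sandbox's rule engine and not code from the report: the `Event` layout, the `BLOCKLISTED_PROCESSES` set and the `SAMPLE_TRACE` lines are assumptions constructed for the example, while the registry locations the rules look at (`Software\Wine`, `...\CurrentVersion\Run`, `Control Panel\International\Geo`) are the real Windows and Wine paths those behaviors touch. When reading hits like these for an MSI installer, keep in mind that a Run key, a write under System32, a read of drive roots and a country-code lookup by a localized installer all have ordinary explanations, so the hits are a prompt to inspect what the package actually installs rather than a verdict.

```python
"""Re-implementation of the six signatures listed above as simple rules over a
behavioral event trace.  Added example: the event format, the Event dataclass,
BLOCKLISTED_PROCESSES and SAMPLE_TRACE are assumptions, not the sandbox's own data."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str     # "reg_open", "reg_query", "reg_set", "file_read", "file_write" or "net"
    process: str  # image name of the process performing the action
    target: str   # registry path, file path, or destination host:port


# Assumption: image names a sandbox would treat as suspicious network clients.
BLOCKLISTED_PROCESSES = {"msiexec.exe", "powershell.exe", "cmd.exe",
                         "rundll32.exe", "regsvr32.exe", "mshta.exe"}


def _norm(path: str) -> str:
    """Lower-case and use backslashes so the rules match case-insensitively."""
    return path.replace("/", "\\").lower()


def identifies_wine(ev: Event) -> bool:
    # Wine exposes HKCU\Software\Wine and HKLM\Software\Wine; real Windows does not.
    return ev.kind in ("reg_open", "reg_query") and "\\software\\wine" in _norm(ev.target)


def adds_run_key(ev: Event) -> bool:
    # Persistence: a value written under ...\CurrentVersion\Run or \RunOnce.
    return ev.kind == "reg_set" and re.search(
        r"\\currentversion\\run(once)?\\", _norm(ev.target)) is not None


def blocklisted_process_net(ev: Event) -> bool:
    return ev.kind == "net" and ev.process.lower() in BLOCKLISTED_PROCESSES


def enumerates_drives(ev: Event) -> bool:
    # Reads the root of a drive other than C:, e.g. "D:\".
    p = _norm(ev.target)
    return ev.kind == "file_read" and len(p) == 3 and p[1:] == ":\\" and p[0] != "c"


def checks_location(ev: Event) -> bool:
    # Geo\Nation holds the configured country (GeoID); a common geofence lookup.
    return ev.kind in ("reg_open", "reg_query") and \
        "\\control panel\\international\\geo" in _norm(ev.target)


def drops_in_system32(ev: Event) -> bool:
    return ev.kind == "file_write" and _norm(ev.target).startswith("c:\\windows\\system32\\")


SIGNATURES = [
    ("Identifies Wine through registry keys", identifies_wine),
    ("Adds Run key to start application", adds_run_key),
    ("Blocklisted process makes network request", blocklisted_process_net),
    ("Enumerates connected drives", enumerates_drives),
    ("Checks computer location settings", checks_location),
    ("Drops file in System32 directory", drops_in_system32),
]


def match(events):
    """Return {signature name: [matching events]} for every rule that fired."""
    hits = {}
    for name, rule in SIGNATURES:
        matched = [ev for ev in events if rule(ev)]
        if matched:
            hits[name] = matched
    return hits


def triggered(events):
    """Names of the signatures that fired, in report order."""
    fired = match(events)
    return [name for name, _ in SIGNATURES if name in fired]


# Constructed trace (not from the sandbox) that reproduces each behavior once,
# plus two events that must not fire: a read of C:\ and a request by svchost.exe.
SAMPLE_TRACE = [
    Event("reg_open", "msiexec.exe", "HKEY_CURRENT_USER\\Software\\Wine"),
    Event("reg_query", "msiexec.exe", "HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation"),
    Event("reg_set", "msiexec.exe", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"),
    Event("file_read", "msiexec.exe", "C:\\"),
    Event("file_read", "msiexec.exe", "D:\\"),
    Event("file_write", "msiexec.exe", "C:\\Windows\\System32\\example.dll"),
    Event("net", "msiexec.exe", "203.0.113.10:443"),
    Event("net", "svchost.exe", "203.0.113.10:443"),
]

if __name__ == "__main__":
    for name, evs in match(SAMPLE_TRACE).items():
        print(f"{name}: {len(evs)} event(s)")
```

Running the block prints one line per fired signature with its event count; to apply it to a real run, map the sandbox's exported process, registry, file and network events onto `Event` and pass the list to `match`.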