General
-
Target
beans.exe
-
Size
15.2MB
-
Sample
240219-y43qpach97
-
MD5
4e69c18f43d1d194bbb9aefc7338d494
-
SHA1
d0db4dc95f93332699f8c09283db0d61340f5ffa
-
SHA256
ae4070d4d1d148f1bbaa61472c5202c4e0ee6f87be1a2e2925092a07510c9515
-
SHA512
675b3a9981f63062b807eee84fe05ba8dcb77a966075778bbcd4c91f9c6a4dd100ba002bf64cc3f0fceab6c1f62ac91575f2c6e9264dbfd8c280d1127e7696a1
-
SSDEEP
393216:50OJk/W4I8hlzFiibL2Vmd6mM0Gzajj3rzmAvlSR+mY1irEhhxC1YVSv:mOJZ4hF7yVmdEEjbzmXAmihf8
Malware Config
Targets
-
-
Target
beans.exe
-
Size
15.2MB
-
MD5
4e69c18f43d1d194bbb9aefc7338d494
-
SHA1
d0db4dc95f93332699f8c09283db0d61340f5ffa
-
SHA256
ae4070d4d1d148f1bbaa61472c5202c4e0ee6f87be1a2e2925092a07510c9515
-
SHA512
675b3a9981f63062b807eee84fe05ba8dcb77a966075778bbcd4c91f9c6a4dd100ba002bf64cc3f0fceab6c1f62ac91575f2c6e9264dbfd8c280d1127e7696a1
-
SSDEEP
393216:50OJk/W4I8hlzFiibL2Vmd6mM0Gzajj3rzmAvlSR+mY1irEhhxC1YVSv:mOJZ4hF7yVmdEEjbzmXAmihf8
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
-
-
Target
beans.pyc
-
Size
5KB
-
MD5
0855932203ee1e6be4fd2404beeccbc0
-
SHA1
e0cefe0214740e0ec980ed0845ad44922d795c29
-
SHA256
58d462dfbcb816851223e03d909547852e2cc1cfb5a190768d26b8e19c09b2fd
-
SHA512
6b9dc80ab9f092fa0a397481d7711a3a9f30fbbdd2641dfb63e540ec726464a9739cd3142007da2a456dc7cdfe9364d266502a818d7d45387bba2ba1586795f6
-
SSDEEP
96:6WdWWOrTS4zlFaP4nQ4GOOwAggBk8t6hteEQPwzYb7orkTAqn:6sirbz2b7aAlW8YzwPwno
Score3/10 -