General
Target: OneLaunch - PDF_i3nxg.exe
Size: 3.2MB
Sample: 240222-ttb3rscc4z
MD5: 6a05cd2d9491ef255c709724b782b476
SHA1: 6ce3f0f26a1e3fefe7ddb63e838d90908929c0b6
SHA256: b5a9381d8ea317ba2bedbda0d9b858a3cad1b09528f63761fe5c4bd0de5098a8
SHA512: e7b6d7df9a396484c64994dbad32e6ddcc9f8f38ce946633dcbfa5876c19235650025cde68cf46cc43b3c04c0638864a1023ab5a5c60bc2e9162b7b135cd84fc
SSDEEP: 49152:rqe3f6RzHE7EZ0+H0OsvEaRA89WUU2M6gnGujqVX5rIJwI2J5PiH7nBGtO:mSiRzHE7EDHGTpWG0jgJLTiH7BUO

Static task: static1

Behavioral task: behavioral1
Sample: OneLaunch - PDF_i3nxg.exe
Resource: win7-20240221-en
Malware Config
Targets
Target
OneLaunch - PDF_i3nxg.exe
Adds Run key to start application

Downloads MZ/PE file

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Legitimate hosting services abused for malware hosting/C2

Checks computer location settings
Looks up country code configured in the registry, likely geofence.