General
-
Target
05fa44a4491ca6ef93ee21ce33c14f4274401e1b2c914d7cac772cdf8e25fb4e
-
Size
297KB
-
Sample
240311-xe59vada65
-
MD5
4ea309874c30b475dc65eb5ebd8cf309
-
SHA1
921a53a125f507b829ef1bca30d950c849ea8329
-
SHA256
05fa44a4491ca6ef93ee21ce33c14f4274401e1b2c914d7cac772cdf8e25fb4e
-
SHA512
5241833587abd2206c526738a54a829e870be348cab9f10ab159cc67569f408bb9ec76bb354b255272f53dd57eca8cb987b80b77f9607063801acf25f01be0b6
-
SSDEEP
6144:kN43gKpDPeVvnAmZ64XMxvQ4x1OpGcm9VQl0lM/oJ4/gupQ:Y4npK2y8zzkGHVqoq/gP
Static task
static1
Behavioral task
behavioral1
Sample
05fa44a4491ca6ef93ee21ce33c14f4274401e1b2c914d7cac772cdf8e25fb4e.exe
Resource
win7-20240221-en
Malware Config
Extracted
urelas
218.54.31.226
218.54.31.165
Targets
-
-
Target
05fa44a4491ca6ef93ee21ce33c14f4274401e1b2c914d7cac772cdf8e25fb4e
-
Size
297KB
-
MD5
4ea309874c30b475dc65eb5ebd8cf309
-
SHA1
921a53a125f507b829ef1bca30d950c849ea8329
-
SHA256
05fa44a4491ca6ef93ee21ce33c14f4274401e1b2c914d7cac772cdf8e25fb4e
-
SHA512
5241833587abd2206c526738a54a829e870be348cab9f10ab159cc67569f408bb9ec76bb354b255272f53dd57eca8cb987b80b77f9607063801acf25f01be0b6
-
SSDEEP
6144:kN43gKpDPeVvnAmZ64XMxvQ4x1OpGcm9VQl0lM/oJ4/gupQ:Y4npK2y8zzkGHVqoq/gP
-
Detects executables built or packed with MPress PE compressor
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-