General
-
Target
74c56662da67972bf4554ff9b23afc5bdab477ba8d4929e1d7dbc608bdc96994.exe
-
Size
2.0MB
-
Sample
240320-tla6hadc8t
-
MD5
2f05a56a349dce85119e7fda9e8047ac
-
SHA1
2f5afa9af299cba599c57fd99319268db803b31b
-
SHA256
74c56662da67972bf4554ff9b23afc5bdab477ba8d4929e1d7dbc608bdc96994
-
SHA512
fe85ed5b4702c60770dca17790e826a64cbb028fd0ee6d325cac90e3040efe9700eb7db0d11c71f7dfab20d283acb036e6c8cb3de61ca7e583c28026acf08d0b
-
SSDEEP
49152:13NvRA0BjE8tCpIQontgzhDeGN8HHA7twVJ6M7Qzio1/Hzwo7L:13Q0BnkpiCzhjNaHA7M7Qz/bh7L
Behavioral task
behavioral1
Sample
74c56662da67972bf4554ff9b23afc5bdab477ba8d4929e1d7dbc608bdc96994.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Detect BunnyLoader
-
PureLog Stealer payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-