General
-
Target
file_f193177c54774b64911bda96bd0e7afe_2024-03-22_15_42_42_589000.zip
-
Size
1.7MB
-
Sample
240322-tg6fvafg7v
-
MD5
64048182254d24af1630a8e1673db039
-
SHA1
9ca424ce04354f961c6a3fc529156c5cd73d34d8
-
SHA256
ab882b85082ec2bb88b8e445682cddd5d01acd5221a6234121c3dd03128f950c
-
SHA512
d89dbd17b700346c63f209773257126f232900b3be4da6ccc0a3f7b68f08c7bb6045a44f63b168093e99d87ace0ddf0d2754146db38f1691ec5eef330f6bb2a6
-
SSDEEP
49152:QY1/kgbdodti4yqAb58T/G7+lDUbO78FQMZXwGW/:Qu/kbti4yqAln7+lDUbUXAwB
Static task
static1
Behavioral task
behavioral1
Sample
entry_1_0/ConvertPDF_47314555.msi
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
entry_1_0/ConvertPDF_47314555.msi
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
entry_1_0/ConvertPDF_47314555.msi
-
Size
4.0MB
-
MD5
f7064f3abf27dc4ce190de6a52fa829b
-
SHA1
2b84fc41ad585de7438f101ff3313804a50f2491
-
SHA256
6a93034984b4eb700cc992dd411b1d69a5a8d23bf373a3ec8bdcc49b41188bbc
-
SHA512
acc4d803b5b71587b401b3ebed58207648356b0d6b678bda2b93885758f62418d8af91a6b9f2755fd2ca18fd9cd49e61967781ac96246027133495d4487ee475
-
SSDEEP
49152:ByP6leHBG5q7vj6f4dCItiGS5oW8XlT45HqhpP9gY0dB0lAwvI/oSrlpVYnaQhOH:Bplehu+WaiBrk2gBDCtaN
Score
8/10
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-