General

Target: Judosa_Point.rar
Size: 73.5MB
Sample: 240407-2gjwvage2w
MD5: def5592d03bc4b81ec15d3781b7f3116
SHA1: 911424ea344c6d8882c096fb5d805850d541b570
SHA256: 4ef44954ca1192d62c7305a7ba83986a3c98744a112ae7b4ea5a1afe635f5887
SHA512: 842f2a7ce881313609ee7dc542a4ebee2a18fba51367f426270281ec6e25bf92519a9b579460822e9495389d6a889ab653acb839cb5a7a4f9c36c7d29a3f72ad
SSDEEP: 1572864:Nq/R0P0czoCx3D0frZCsmHaOl2/IzA7kfzIp8sQk/JwjkIq7xx:YLczoS3oZCRfW/7kLIp8g/yjLq7xx
Static task: static1

Behavioral task: behavioral1
Sample: Judosa_Point.rar
Resource: win10v2004-20240226-en
Malware Config

Targets

Target: Judosa_Point.rar
Size: 73.5MB
MD5: def5592d03bc4b81ec15d3781b7f3116
SHA1: 911424ea344c6d8882c096fb5d805850d541b570
SHA256: 4ef44954ca1192d62c7305a7ba83986a3c98744a112ae7b4ea5a1afe635f5887
SHA512: 842f2a7ce881313609ee7dc542a4ebee2a18fba51367f426270281ec6e25bf92519a9b579460822e9495389d6a889ab653acb839cb5a7a4f9c36c7d29a3f72ad
SSDEEP: 1572864:Nq/R0P0czoCx3D0frZCsmHaOl2/IzA7kfzIp8sQk/JwjkIq7xx:YLczoS3oZCRfW/7kLIp8g/yjLq7xx

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- An obfuscated cmd.exe command-line is typically used to evade detection.

Target: Judosa Point.exe
Size: 73.4MB
MD5: eb3f4d5675cb14b5319088e6f467e75a
SHA1: a6761e558df1db71137ac621bd305def9f77814b
SHA256: 972c671ab90ff0f6918f9e50b5c03ba03eb137a103d58c8f9296a45198e5795f
SHA512: b00d4eb2e8802c20b50674d9f0d4de655fb157727f7a85b28adf77a72d9485c79ffe2358e0ff65de5ceaa38e90fed6d00a00f1f816607220b73778a1ae36504b
SSDEEP: 1572864:PpJ39Kk9MjWKCKVM5B8ceyIS7nqYdd6hIEhSmnJZxRByuZXFqsB:Pwk9MjxCSE/vP7nMhJnzxRB5ZX5B

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- An obfuscated cmd.exe command-line is typically used to evade detection.