General
-
Target
e5af8ae15c2e63b6fc394a1fab48e4041312d70d1437f4cf7810535c5a410732
-
Size
291KB
-
Sample
240417-gqwa1sfe37
-
MD5
f67591721354565dabe3fe735220c6f0
-
SHA1
80fe9705193ced60398d8ae688e80f4df403c0ea
-
SHA256
e5af8ae15c2e63b6fc394a1fab48e4041312d70d1437f4cf7810535c5a410732
-
SHA512
45cb3ae86df2f816e94b904a2f6a4339edcbe4e8a3dc635b8e6da6c26b3809d771bc4d865a1250ee2e5302311b3ad25fbb7d870f2188831584bed35421391e3c
-
SSDEEP
6144:KiubWrNSOetO6cprlQAOWizGLIoSd8nUbbq:dubsNSOetfARQAPyGUWYbq
Static task
static1
Behavioral task
behavioral1
Sample
e5af8ae15c2e63b6fc394a1fab48e4041312d70d1437f4cf7810535c5a410732.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
e5af8ae15c2e63b6fc394a1fab48e4041312d70d1437f4cf7810535c5a410732.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
cobaltstrike
http://192.168.220.128:80/JStL
-
user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Targets
-
-
Target
e5af8ae15c2e63b6fc394a1fab48e4041312d70d1437f4cf7810535c5a410732
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-