General
Target: Новый текстовый документ.txt (the Russian-locale Windows default name for "New Text Document.txt")
Size: 168KB
Sample: 240418-sya6lahh91
MD5: 953ec43a9f2af247865414b304734943
SHA1: c88fb71cdb02528e32c509272822c8f6aa5c0208
SHA256: 5ed187d88fec617d94c2382cf97bf42007c0367582e594e9e15b17842ba93ae4
SHA512: 0db63e669fa1bb8322874fc6ee8ee471441226407cf93ac511b2ce69aad6649535080f855003cd1bce4f2531b9b283d5a558205491700d6b00bd7eda256a15f5
SSDEEP: 192:a66666666666666666666666666666666666666666666666666666666666666K:n

Static task: static1
Behavioral task: behavioral1
Sample: Новый текстовый документ.txt
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: Новый текстовый документ.txt
Size: 168KB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the values listed under General (the task contains this single file)
Score: 10/10

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess
A new process was created with a parent other than the calling process (the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute passed through to NtCreateUserProcess). This is parent-PID spoofing: the true lineage is hidden from detections that rely on the process tree.

Downloads MZ/PE file
An HTTP response whose body starts with the "MZ" header, i.e. a Windows executable, was retrieved from the network.

Modifies Installed Components in the registry
Writes under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components. Active Setup executes each component's StubPath command at the next user logon, so this is a persistence mechanism.

Checks computer location settings
Looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), likely a geofence that decides whether to run in certain locales.

Executes dropped EXE
Runs an executable that the sample itself wrote to disk during the analysis.

Accesses Microsoft Outlook profiles
Reads the registry keys that hold Outlook profile and account configuration, a step typical of information stealers harvesting mail credentials.

Checks installed software on the system
Looks up entries under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall in the registry to enumerate the software installed on the system.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Legitimate hosting services abused for malware hosting/C2
Network traffic to a legitimate hosting or file-sharing service used for payload delivery or command and control (the service itself is not named in this report).

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext
Sets the register context (including the instruction pointer) of a thread in another process, the step that follows writing a new image into a target in process hollowing and similar injection techniques.
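The behaviours above are what a sandbox sees; on a live estate the same behaviours show up in endpoint telemetry. The following is an added example, not part of the sandbox report and not the sample's code: a small rule set that replays each registry, file, DNS, HTTP and process behaviour from the list over a normalised event stream and also handles the one signature that needs state across events (an executable must be written by the sample before its execution counts as "Executes dropped EXE"). The registry paths are the real Windows locations for each behaviour; the IP-lookup host list, the GUID, the hostnames and the event stream itself are constructed for the demonstration.

```python
"""Added example (not part of the sandbox report): a triage rule set that
replays the behaviours listed above over endpoint telemetry.

Assumptions: events are already normalised into dicts with a "type" field
(registry / file / dns / http / process); the IP-lookup host list and the
event stream at the bottom are constructed for the demo.
"""
import re
from collections import defaultdict

# Registry locations behind the report's registry-based signatures
# (matched case-insensitively as path substrings).
GEO_KEY = r"control panel\international\geo\nation"          # GeoID used for geofencing
UNINSTALL_KEY = r"software\microsoft\windows\currentversion\uninstall"
ACTIVE_SETUP_KEY = r"software\microsoft\active setup\installed components"
OUTLOOK_PROFILES = r"\outlook\profiles"

# Public "what is my IP" services (assumption: the report does not name
# the one this sample used, so extend this set from your own telemetry).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "ip-api.com", "checkip.amazonaws.com"}

# Root of any fixed drive other than C:, e.g. "D:\"
DRIVE_ROOT = re.compile(r"^[D-Z]:\\$", re.IGNORECASE)


def _reg(ev, key):
    """True when ev is a registry event whose path contains key."""
    return ev["type"] == "registry" and key in ev["path"].lower()


# (signature name as the sandbox reports it, predicate over one event)
RULES = [
    ("Checks computer location settings",
     lambda ev: _reg(ev, GEO_KEY) and ev["op"] == "query"),
    ("Checks installed software on the system",
     lambda ev: _reg(ev, UNINSTALL_KEY) and ev["op"] == "query"),
    ("Modifies Installed Components in the registry",
     lambda ev: _reg(ev, ACTIVE_SETUP_KEY) and ev["op"] == "set"),
    ("Accesses Microsoft Outlook profiles",
     lambda ev: _reg(ev, OUTLOOK_PROFILES)),
    ("Enumerates connected drives",
     lambda ev: ev["type"] == "file" and DRIVE_ROOT.match(ev["path"]) is not None),
    ("Looks up external IP address via web service",
     lambda ev: ev["type"] == "dns" and ev["host"].lower() in IP_LOOKUP_HOSTS),
    ("Downloads MZ/PE file",
     lambda ev: ev["type"] == "http" and ev.get("body_prefix", b"")[:2] == b"MZ"),
]


def match_signatures(events):
    """Return {signature name: hit count} for the events that fired a rule.

    "Executes dropped EXE" needs state across events: remember every .exe
    the sample writes, then flag a process whose image is one of them.
    """
    counts = defaultdict(int)
    dropped = set()
    for ev in events:
        for name, pred in RULES:
            if pred(ev):
                counts[name] += 1
        if ev["type"] == "file" and ev.get("op") == "write" \
                and ev["path"].lower().endswith(".exe"):
            dropped.add(ev["path"].lower())
        elif ev["type"] == "process" and ev["image"].lower() in dropped:
            counts["Executes dropped EXE"] += 1
    return dict(counts)


# Constructed event stream mirroring the report's behaviour list; the GUID,
# URL and paths are placeholders, not values taken from the sample.
SAMPLE_EVENTS = [
    {"type": "registry", "op": "query",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry", "op": "query",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "registry", "op": "query",
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "registry", "op": "set",
     "path": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
             r"\{00000000-0000-0000-0000-000000000000}\StubPath"},
    {"type": "file", "op": "query", "path": "D:\\"},
    {"type": "file", "op": "query", "path": "E:\\"},
    {"type": "dns", "host": "api.ipify.org"},
    {"type": "http", "url": "https://cdn.example.test/update.bin",
     "body_prefix": b"MZ\x90\x00\x03"},
    {"type": "file", "op": "write", "path": r"C:\Users\Public\update.exe"},
    {"type": "process", "image": r"C:\Users\Public\update.exe",
     "parent": r"C:\Users\user\Desktop\sample.exe"},
]

if __name__ == "__main__":
    for name, n in match_signatures(SAMPLE_EVENTS).items():
        print(f"{n:3d}  {name}")
```

Two of the report's signatures are deliberately absent from the rule set: parent-PID spoofing and SetThreadContext are kernel-level facts about process and thread creation that plain file/registry/network telemetry does not carry, so they need an ETW or EDR source that records the creator process and cross-process thread context changes.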