General
Target: .
Size: 147KB
Sample: 240420-xjtrlsfg5t
MD5: 1857b78cc695fa858880ed5203af8999
SHA1: 170a5b54dba37095af834d76f4f5062c48cf5a4e
SHA256: bcf6979216dc10c957d4dc9f15cb3f8581c9ef596a2e126061a4cba8d992e46a
SHA512: a7ef8183e44aa1e06c193d6de7a4b300bc5c3ec00bc229f2cc12e5fa44bbf9dc67f07df31b6702fa43e3b0b8ccd2f1f2152d83f6992ac56658be2d3217c5c113
SSDEEP: 1536:orkud8LonVJoqYarK4DsYNgRyypRMPuNPV5nPztP4FPfaParP8R4DJ2PWTllU0r4:6kPL6WVMllhAYnHhqiS
Static task: static1
Behavioral task: behavioral1
Sample: .html
Resource: win10v2004-20240412-en
Malware Config
Targets
Score: 8/10
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory