General
Target: 87e6efd951d8828980ce97054108b3c78e765a333ae0422e6735b2e586ca8304
Size: 1.7MB
Sample: 240425-xygetsdg59
MD5: e4f7f869fb843fb9bacab49a68c531ae
SHA1: 75e9f6901eb40d25944be820602e903262f25c2b
SHA256: 87e6efd951d8828980ce97054108b3c78e765a333ae0422e6735b2e586ca8304
SHA512: a5c8688766a2a6ac32be8f8d44b890b834cd0f869d648f913f6ce2ad40fe984e9914169adee7d154e5963d33e3200273e007648e0f359be14c8e50c5c9faf3f4
SSDEEP: 24576:LrMkmmLHo7qXzHd6xGWjrtJf/zKuoZz6h/q7dS2hHem:Lm4HoGAxBf7DLzhS7
Static task: static1

Behavioral task: behavioral1
Sample: 87e6efd951d8828980ce97054108b3c78e765a333ae0422e6735b2e586ca8304.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 87e6efd951d8828980ce97054108b3c78e765a333ae0422e6735b2e586ca8304.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted family: cobaltstrike
C2: http://47.97.41.107:443/static/js/libs/masonry.pkgd.min.js
user_agent (full header block as extracted):
Accept: */*
Accept-Language: en-US,en;q=0.9
Referer: https://www.python.org/
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.140 Safari/537.36
Targets
Target: 87e6efd951d8828980ce97054108b3c78e765a333ae0422e6735b2e586ca8304
Size: 1.7MB
Score: 10/10

Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL