General
- Target: Yandex.exe
- Size: 9.1MB
- Sample: 240428-p7vptagc92
- MD5: f49d0b527fba986f7142b8f37541c65d
- SHA1: 5ecee372d5b7017f5ff9382861415ad8ef89a210
- SHA256: 82fbeaaf322e56111753b9c00a1388bf52f8681075b716bc3f1bea44d4b1064e
- SHA512: 25c13c2d6fa79a71a0cf67e853682a8b4244dcb4deb4493bcf54d7a8a708f58a214488c9d0ba68f9cbe6a823b1a064b9b6b9d53bdeb8dae6c4dc6ddb84f413e7
- SSDEEP: 98304:nBTxzRg7+cSdVbub3sBzCynzWQQMIHp7w0rbDdQwNSH6uE2Tp2mqSd18z17wF9vE:B1RQ3HSSJ7PbDdh0HtQba8z1sjzkA
- Static task: static1
Malware Config
Targets
- Target: Yandex.exe
- Size: 9.1MB
- MD5: f49d0b527fba986f7142b8f37541c65d
- SHA1: 5ecee372d5b7017f5ff9382861415ad8ef89a210
- SHA256: 82fbeaaf322e56111753b9c00a1388bf52f8681075b716bc3f1bea44d4b1064e
- SHA512: 25c13c2d6fa79a71a0cf67e853682a8b4244dcb4deb4493bcf54d7a8a708f58a214488c9d0ba68f9cbe6a823b1a064b9b6b9d53bdeb8dae6c4dc6ddb84f413e7
- SSDEEP: 98304:nBTxzRg7+cSdVbub3sBzCynzWQQMIHp7w0rbDdQwNSH6uE2Tp2mqSd18z17wF9vE:B1RQ3HSSJ7PbDdh0HtQba8z1sjzkA
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks system information in the registry: system information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
- Privilege Escalation: Boot or Logon Autostart Execution (1) - Registry Run Keys / Startup Folder (1)
- Defense Evasion: Modify Registry (2); Subvert Trust Controls (1) - Install Root Certificate (1)