General
-
Target
setup.exe
-
Size
6.3MB
-
Sample
240428-zmkzzshb81
-
MD5
a63018cc078f57c640ac2ec8ed84dead
-
SHA1
1f5c17894a755114527e92304f4a74195c48031d
-
SHA256
41d01d8fc610b6ceb17687c58973ee8f6a7bbdc1eb6deb19297e3f4c4c62b558
-
SHA512
a42f522745bbe8b36ea60d7688a713bce89df2f7b0f5c7ad7b32bc43989fca71e00d817692263ea4004ad6be23e64dd9d3d2f1dfbe7b5038cf4b79b7064a9864
-
SSDEEP
196608:91OaXf1Vgw0Q2GekhBTUpKiTOZ5FrrOhU+3:3OaXf1Gwbek/QKis5FO33
Static task
static1
Behavioral task
behavioral1
Sample
setup.exe
Resource
win7-20240221-en
Malware Config
Targets
-
Blocklisted process makes network request
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-