General
- Target: ReturnSouls.rar
- Size: 73.5MB
- Sample: 240508-3b7w6afe63
- MD5: 8c8b1956c19c6bb3df42ec766e9073b3
- SHA1: fca6f4f4b15bf98ac910a5b6cc1ce9282dc6776f
- SHA256: 5104e9e1fab191cabfd84c3ec58a55ccdf5cd9fb5a9c635417106b1705655717
- SHA512: 5b36ce642eee744d931ac41bb60987d97e4e019d46e6d330b27e291b25e45de57950a7c8fd420d310b866ab8bdc363b6ba9a7e9198a9547b6e832b7f8ae44ef6
- SSDEEP: 1572864:g/J39KNRL9MXPoB8ceyIS7nqYdd6hIEhSmnJZxRByuyXFPj:gqN19Mfo/vP7nMhJnzxRB5yXdj
Malware Config
Targets
- Target: ReturnSouls.exe
- Size: 73.5MB
- MD5: 0d236beb0146f2f90033bd92a74c5e07
- SHA1: 54becc593bd5cc2e5504e39c4552073901d0562f
- SHA256: 24f10f5416bbce596e8de56981fc5972bcef0c0062275ce0b9543adea13a42f6
- SHA512: 9115ad3875e44572482cfef3f918d579e0d40fa0050d99c194dfb8101cee5c1e46840cd98e79783d82749ac3730193b3b6f11ae2d522fb82a62a475e783fc3f0
- SSDEEP: 1572864:G/J39KNRL9MXPoB8ceyIS7nqYdd6hIEhSmnJZxRByuyXFPJ:GqN19Mfo/vP7nMhJnzxRB5yXdJ
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- An obfuscated cmd.exe command-line is typically used to evade detection.
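The behaviour signatures above (geofence registry lookup, Uninstall-key enumeration, external IP lookup via a web service, obfuscated cmd.exe command line) expressed as correlation logic over per-process events, so that a single process tripping several of them is surfaced together. This is an added example and is not part of the sandbox report or the sample; the event schema, process IDs, file path and every event below are constructed. One caveat for anyone wiring this to real telemetry: Sysmon does not record registry reads (its registry events cover key/value create, delete, set and rename), so the registry-query events here would have to come from a sandbox API trace or Windows object-access auditing, while the process-create and DNS events map onto Sysmon event IDs 1 and 22.

```python
"""Correlate the report's behaviours across per-process events.
Added example; the event schema and all sample events are constructed."""
import re
from collections import defaultdict

# Registry values read to learn the machine's country/locale
# (HKCU\Control Panel\International and the system NLS language key).
GEO_VALUES = (
    "\\control panel\\international\\geo\\nation",
    "\\control panel\\international\\localename",
    "\\control panel\\international\\scountry",
    "\\control\\nls\\language\\installlanguage",
)
UNINSTALL_KEY = "\\microsoft\\windows\\currentversion\\uninstall\\"
UNINSTALL_MIN_SUBKEYS = 5  # this many distinct subkeys looks like enumeration

# Public "what is my IP" services; a query for one from an unknown binary
# matches the "looks up external IP address via web service" signature.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "ifconfig.me", "icanhazip.com",
    "ip-api.com", "checkip.amazonaws.com", "ipinfo.io",
}

CARET_RE = re.compile(r"\^")                      # c^a^l^l style escaping
SUBSTR_RE = re.compile(r"%[^%\s]+:~\d+(,\d+)?%")  # %VAR:~n,m% substring tricks
ENVCAT_RE = re.compile(r"%\w+%%\w+%")             # %a%%b% reassembly of split words


def is_geo_lookup(key: str) -> bool:
    k = key.lower()
    return any(v in k for v in GEO_VALUES)


def uninstall_subkey(key: str):
    """Return the lower-cased Uninstall subkey name, or None if not under it."""
    k = key.lower()
    i = k.find(UNINSTALL_KEY)
    if i < 0:
        return None
    return k[i + len(UNINSTALL_KEY):].split("\\", 1)[0] or None


def is_obfuscated_cmd(image: str, cmdline: str) -> bool:
    """Cheap score for cmd.exe lines built from carets, substring expansion
    or environment-variable concatenation (threshold is a tuning assumption)."""
    if not image.lower().endswith("\\cmd.exe"):
        return False
    score = (len(CARET_RE.findall(cmdline))
             + 2 * len(SUBSTR_RE.findall(cmdline))
             + 2 * len(ENVCAT_RE.findall(cmdline)))
    return score >= 3


def correlate(events):
    """Group events by originating process; return {pid: [signature, ...]}
    for processes tripping several behaviours (or an obfuscated cmd.exe)."""
    def fresh():
        return {"geo": False, "uninstall": set(), "ip_lookup": set(), "obf_cmd": False}
    per_proc = defaultdict(fresh)
    for ev in events:
        if ev["kind"] == "reg_query":
            rec = per_proc[ev["pid"]]
            if is_geo_lookup(ev["key"]):
                rec["geo"] = True
            sub = uninstall_subkey(ev["key"])
            if sub:
                rec["uninstall"].add(sub)
        elif ev["kind"] == "dns":
            q = ev["query"].lower()
            if q in IP_LOOKUP_DOMAINS:
                per_proc[ev["pid"]]["ip_lookup"].add(q)
        elif ev["kind"] == "proc":
            # Attribute a spawned obfuscated cmd.exe to its parent, the dropper.
            if is_obfuscated_cmd(ev["image"], ev["cmdline"]):
                per_proc[ev["ppid"]]["obf_cmd"] = True
    findings = {}
    for pid, rec in per_proc.items():
        hits = []
        if rec["geo"]:
            hits.append("geofence_registry_lookup")
        if len(rec["uninstall"]) >= UNINSTALL_MIN_SUBKEYS:
            hits.append("installed_software_enumeration")
        if rec["ip_lookup"]:
            hits.append("external_ip_lookup")
        if rec["obf_cmd"]:
            hits.append("obfuscated_cmd")
        if len(hits) >= 2 or "obfuscated_cmd" in hits:
            findings[pid] = hits
    return findings


DROPPER = "C:\\Users\\user\\AppData\\Local\\Temp\\ReturnSouls.exe"  # constructed path
SAMPLE_EVENTS = [  # constructed; pid 4242 is the dropper, pid 1000 is benign noise
    {"kind": "reg_query", "pid": 4242, "image": DROPPER,
     "key": "HKU\\S-1-5-21-1\\Control Panel\\International\\Geo\\Nation"},
    {"kind": "reg_query", "pid": 4242, "image": DROPPER,
     "key": "HKU\\S-1-5-21-1\\Control Panel\\International\\LocaleName"},
] + [
    {"kind": "reg_query", "pid": 4242, "image": DROPPER,
     "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\" + name}
    for name in ("7-Zip", "Google Chrome", "Mozilla Firefox", "Notepad++",
                 "VLC media player", "Python 3.11")
] + [
    {"kind": "dns", "pid": 4242, "image": DROPPER, "query": "api.ipify.org"},
    {"kind": "proc", "pid": 4300, "ppid": 4242, "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": 'cmd.exe /c "set a=pow&& set b=ersh&& c^a^l^l %a%%b%ell -w hidden"'},
    {"kind": "reg_query", "pid": 1000, "image": "C:\\Windows\\explorer.exe",
     "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"},
    {"kind": "dns", "pid": 1000, "image": "C:\\Windows\\explorer.exe", "query": "www.bing.com"},
]

if __name__ == "__main__":
    for pid, hits in correlate(SAMPLE_EVENTS).items():
        print(pid, ", ".join(hits))
```

Run against the constructed events, only pid 4242 is reported, with all four behaviours; explorer.exe reading a single Uninstall entry and resolving an ordinary host stays below the enumeration threshold and never appears. The thresholds (five Uninstall subkeys, obfuscation score of 3) are starting points to tune against your own baseline, not values from the report.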