General
Target: Image_logger.zip
Size: 7.5MB
Sample: 240511-md5xksfc26
MD5: a7d128dcbdb1b8066cd728a2cb7b7fd3
SHA1: 79e9bcb321d8561be0553e38355fdaec70f7c4fa
SHA256: f5b86b39ea504f53057e39de577fa8f3ec35cd89341604914aa01c1bb80fe771
SHA512: 9ac43372b0d721d3dc2a5768a959b70dbb16156f7e4d675fb5cb15ede85e80e2583c26d3882fd6ea62853c272317a26e85ce95866625b9b5b941579431317cd5
SSDEEP: 196608:be5Rym5scyrNROXQxE3fjRC+D3owHwjeu:be5Imr4OxPjJowHwjeu
Static task: static1
Behavioral task: behavioral1
Sample: Image logger/Imagelogger.png.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: Image logger/Imagelogger.png.exe
Size: 7.8MB
MD5: 94f4491e716e038069a1a47802c6ccb1
SHA1: 9415709b1b9d8148ec22dd8d03d3e0ddc75e7ad1
SHA256: c426c4c9652f014060f3a4c6f700c2abc27190402a81126cf9a11ca6d5bf7bdb
SHA512: 19a7b17d1e38ab68f6f63d3478d2154f5ee13acfb278eb00f7496e4248adac3b1e68ab1f7aa308ba056e259e936dd5fc38373c6bbea142279f8e4dc9ddf54037
SSDEEP: 196608:33G7tP2OF024LBHAn6xQTRPR4UV5Eyj8Fy6:AtuOnyA51PjEyj8Fy6

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

Loads dropped DLL