General
-
Target
YVLHFAC#XJFDRAZNVUHA.zip
-
Size
5.5MB
-
Sample
240514-bsgbzsea94
-
MD5
a460244a631b1b934fef9d75ecb55695
-
SHA1
7b2361caa0590e2d5888026c727f79f8c3e41011
-
SHA256
469d9d4815a2a5ef207f9c4ad6bafc7d8c1cfba3d432862961895f6d4fffac8f
-
SHA512
521e009cf18f29ee598357aff7079e9d1f946d9bb3d367b9e0ef85e883cf9402ace8e8f247a2219a150ff003c79ecb6f6c6995a0145264ce11331189020d4142
-
SSDEEP
98304:0xjko9kyYh6IGWLpcE70C9FYS8q42fB3PnfPMSAjOb83bgwbDbflc2hx0c+bwwv/:0J5EOE70C9GL2flkOY3kwbVxAfn
Static task
static1
Behavioral task
behavioral1
Sample
YVLHFAC#XJFDRAZNVUHA.zip
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
YVLHFAC#XJFDRAZNVUHA.zip
-
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-