General
Target: rocl.exe
Size: 8.8MB
Sample: 240516-vw2a4sfe44
MD5: ec4aa7c21dc36fea555651f7c57d0b0c
SHA1: 8827af434ad668add92904ede295cb861d64029b
SHA256: 9c4a079fff173b3d4e3142226b8c5524626c676f0b3d04c79c9f08639f2e0ba3
SHA512: 2023cd955524f2267c159ae38681f53f8fd65dcb25489a4d0b2d373c844406aa6dc985344709f5c81bec7ae833f1e64528ad591f49e579e382928d0b8c796c20
SSDEEP: 196608:KhXuXjQW0nBA1HeT39IigQdeE9TFa0Z8DOjCdylLhYMfZGNJnzd+dzqKO:h0vnq1+TtIiLUY9Z8D8CcldlRGNJHK
Behavioral task: behavioral1
Sample: rocl.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Score: 8/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.