General
Target: ParteDenuncia.rar
Size: 1.2MB
Sample: 240517-ra5jvsbc35
MD5: 7b70fbc992152d753ec3d3df02dd8c8f
SHA1: d3939990389c9c2b9309793d6d60b79734b515dc
SHA256: aa7d80daa488e8627316e1e24bef1a713ae4f86e4a6304c6784b6187ad0433d9
SHA512: c247df47cee3a9432eefb890a7afd355ece04e019fd4ada1bd9f5eed9099efe83494835467694fb4a164b4bcb9651f6c37a470e42d949d4233ff1e07b24064d5
SSDEEP: 24576:dUxAjJ5eWilajWpv0+fCpyjYq0AUeYHa6MGDrtfTh+j3udsUbzN:dbJ5eWLWp8EsyjWeYlrtfTzdJ9
Static task: static1
Behavioral task: behavioral1 (Sample: ParteDenuncia.rar, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: ParteDenuncia.rar, Resource: win10v2004-20240426-en)
Behavioral task: behavioral3 (Sample: ParteDenuncia.exe, Resource: win7-20240221-en)
Behavioral task: behavioral4 (Sample: ParteDenuncia.exe, Resource: win10v2004-20240508-en)
Malware Config
Targets
Target: ParteDenuncia.rar
Size: 1.2MB
Score: 7/10
Executes dropped EXE
Loads dropped DLL
Target: ParteDenuncia.exe
Size: 2.4MB
MD5: 7e5490e5ee13eb6f567da9312a50ac4f
SHA1: 882e50b559806c13dbe9056262d2ec6b0ceaef94
SHA256: f98cb51b72234756df112ccfa9a412c20b313c26ef459b042a99a090a0ced8d8
SHA512: fcc1f3b2a58baa5b6db8bc272533a423316d42c8ff7a1805374130ae97e66ccf1d830d9b4ef4039ae910970fa87b9752366a7aeccae27c9ac1c9dae47dc63bc9
SSDEEP: 24576:zYsfpxSOMSlpH06QWVqmDlH54jm+G7liuzp0nwTMe4iqtKmj1XL8tkfu3uCQLt+d:zYsfpxSelV9ZHHGv78WjDLaArkwXX
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Accesses Microsoft Outlook profiles
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.