General
-
Target
8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3.exe
-
Size
2.5MB
-
Sample
240519-b1mtqsbg74
-
MD5
4543f278f2cf358e16e2284dc6ae4314
-
SHA1
52ca6e6f1b73d7c3805c9812a4751a2d2333b690
-
SHA256
8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3
-
SHA512
76fad9c923936e351353160678ed5dedecb89012aa6890437d10c2abec5c8073033adeb40c0c921874b9887415c97e20a0a8a9ab2af20d07f1f6f681796ace5d
-
SSDEEP
24576:TII3Pzsl1/E/GOzgGlLpU3Pp53aUWa/6cRSkIodSw9IjdJbzbUHJaCu1bIX9TrkZ:TX/zsn/E/GKgoQEi5CC
Static task
static1
Behavioral task
behavioral1
Sample
8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
cobaltstrike
http://39.107.242.125:666/lFZQ
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)
Targets
Target
8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3.exe
Score 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-