General

Target: a97f8afdf91943ab21197651c155a799d386fa6f84f457b1fa6eaf23f7ecc3fe
Size: 393KB
Sample: 240521-lf94msgd54
MD5: c24b006757a1547f186ae964692d6ced
SHA1: 9aaf71667f51d5370097e67af437ebd4a1706d17
SHA256: a97f8afdf91943ab21197651c155a799d386fa6f84f457b1fa6eaf23f7ecc3fe
SHA512: 44814cac7370ab690f2d24e3e4b911b96a1bf9b324f85ac59cbcbbae3acc06c99b321060ffa921e313c6369293e7cc845d9ff97b147299d712d2b31b92252d96
SSDEEP: 6144:OgZiAEAO0sByNsAal3gVAWgS7/Ohwj3ulclvo7sxExUkK:OgZXEAO/BUdG3gVdt7KSwivouESH
Static task: static1

Behavioral task: behavioral1
Sample: a97f8afdf91943ab21197651c155a799d386fa6f84f457b1fa6eaf23f7ecc3fe.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: a97f8afdf91943ab21197651c155a799d386fa6f84f457b1fa6eaf23f7ecc3fe.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted: cobaltstrike
http://120.55.183.201:8001/NAVx
user_agent: User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)
Targets

Target: a97f8afdf91943ab21197651c155a799d386fa6f84f457b1fa6eaf23f7ecc3fe
Size: 393KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

Score: 10/10

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL