General
-
Target
kav21.3.10.391en_26074.exe
-
Size
2.6MB
-
Sample
240521-tttyksbe73
-
MD5
db7a22234425b05bb4a1f560e112ce24
-
SHA1
efac3e678234ac987c7f206f9f65b7de283307bb
-
SHA256
33eee5f66a38fc66f52d7346251d1017d9a02aac7cc4c7a9cb367549d577b886
-
SHA512
39ab0d09cd0dcb442c4fc12a07da92351f3e12a63307064573722aba02a7d2cce5d5b46dde4d3f158b96b80efb95ddf7f9e6219b979eb501b95051394a948ce8
-
SSDEEP
49152:u47Nlau3ZHJvDrOV9Gcwb/alTe/iXMNLdcE/EBSDre/2jX8oa:ueNlau3RJOV9GvZbRDe/2zU
Malware Config
Targets
-
-
Target
kav21.3.10.391en_26074.exe
-
Size
2.6MB
-
MD5
db7a22234425b05bb4a1f560e112ce24
-
SHA1
efac3e678234ac987c7f206f9f65b7de283307bb
-
SHA256
33eee5f66a38fc66f52d7346251d1017d9a02aac7cc4c7a9cb367549d577b886
-
SHA512
39ab0d09cd0dcb442c4fc12a07da92351f3e12a63307064573722aba02a7d2cce5d5b46dde4d3f158b96b80efb95ddf7f9e6219b979eb501b95051394a948ce8
-
SSDEEP
49152:u47Nlau3ZHJvDrOV9Gcwb/alTe/iXMNLdcE/EBSDre/2jX8oa:ueNlau3RJOV9GvZbRDe/2zU
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Blocklisted process makes network request
-
Checks for any installed AV software in registry
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-