General
-
Target
3db6d14d9e23346be0d518efe166bc47633789ee26ec1a7b89f2730f101c1a38
-
Size
4.5MB
-
Sample
240522-zlgaeagb63
-
MD5
37b47b3f62158da52a57c1d3ca6e9c0d
-
SHA1
ac6e9d8babe61cf57ab2890ebc2dfe47b3d78ce5
-
SHA256
3db6d14d9e23346be0d518efe166bc47633789ee26ec1a7b89f2730f101c1a38
-
SHA512
c96bb023da6b5b4571fcf4e5d2ebc09f17c2c02a976a5cb5f6da60b313f5cb1c8872d3574f9cc6ddd7c8af430def0ca3d5309da39f6e71601ec9e146f1a562ad
-
SSDEEP
49152:w2KXFr7f4ELn86c9Rycf7oq75pWOiejjNxWg0Lcx8J5VJAH8P+l+vcT2y6bXmLRp:NKXFr7fz8x9EcHIVGD+eObWIvfK7
Static task
static1
Behavioral task
behavioral1
Sample
3db6d14d9e23346be0d518efe166bc47633789ee26ec1a7b89f2730f101c1a38.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3db6d14d9e23346be0d518efe166bc47633789ee26ec1a7b89f2730f101c1a38.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
3db6d14d9e23346be0d518efe166bc47633789ee26ec1a7b89f2730f101c1a38
-
Size
4.5MB
-
MD5
37b47b3f62158da52a57c1d3ca6e9c0d
-
SHA1
ac6e9d8babe61cf57ab2890ebc2dfe47b3d78ce5
-
SHA256
3db6d14d9e23346be0d518efe166bc47633789ee26ec1a7b89f2730f101c1a38
-
SHA512
c96bb023da6b5b4571fcf4e5d2ebc09f17c2c02a976a5cb5f6da60b313f5cb1c8872d3574f9cc6ddd7c8af430def0ca3d5309da39f6e71601ec9e146f1a562ad
-
SSDEEP
49152:w2KXFr7f4ELn86c9Rycf7oq75pWOiejjNxWg0Lcx8J5VJAH8P+l+vcT2y6bXmLRp:NKXFr7fz8x9EcHIVGD+eObWIvfK7
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Event Triggered Execution
1Change Default File Association
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2