General
-
Target
KhnKFqz1mt6baV34eaVEfttTAaNwhiftQM4l.png
-
Size
22KB
-
Sample
240604-axhj6seh7v
-
MD5
f863353331d71fbe761c1e2758fd04fd
-
SHA1
a3ebd26f25bce8caef1ed5edb77b6c74ca57101e
-
SHA256
06cfaf6db18dc771749a663dd42ebfc88c35903f1a09297986d0b0fef679f815
-
SHA512
5cb840b81c385651805a87a6b3b7e624522147c7a1d834cbda537913df3cd0e7b431a12b314479264ba82f1bda8524f2b7097bb499c43f50e175b8069d9162df
-
SSDEEP
384:kBOj2T5f/5tO22NCH9svsJ6kNIK4XJ3LB5U/lHF9+IdTTmrE4Nt3Hog4aYhw5l7a:b8FN2wH2vsFrsvor97TeE4T4j1hwf0tT
Static task
static1
Behavioral task
behavioral1
Sample
KhnKFqz1mt6baV34eaVEfttTAaNwhiftQM4l.png
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
KhnKFqz1mt6baV34eaVEfttTAaNwhiftQM4l.png
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
KhnKFqz1mt6baV34eaVEfttTAaNwhiftQM4l.png
-
Size
22KB
-
MD5
f863353331d71fbe761c1e2758fd04fd
-
SHA1
a3ebd26f25bce8caef1ed5edb77b6c74ca57101e
-
SHA256
06cfaf6db18dc771749a663dd42ebfc88c35903f1a09297986d0b0fef679f815
-
SHA512
5cb840b81c385651805a87a6b3b7e624522147c7a1d834cbda537913df3cd0e7b431a12b314479264ba82f1bda8524f2b7097bb499c43f50e175b8069d9162df
-
SSDEEP
384:kBOj2T5f/5tO22NCH9svsJ6kNIK4XJ3LB5U/lHF9+IdTTmrE4Nt3Hog4aYhw5l7a:b8FN2wH2vsFrsvor97TeE4T4j1hwf0tT
Score8/10-
Downloads MZ/PE file
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-