General
-
Target
7ebbaa2c0a43e7490253fdef9453897837e9bae07f1010dddec7198a95c27f15
-
Size
623KB
-
Sample
240625-3lphka1amg
-
MD5
b3c93663d9ff1c807ccfd89d296d009b
-
SHA1
054917c3e37da49916f252213a98b79c9017bb77
-
SHA256
7ebbaa2c0a43e7490253fdef9453897837e9bae07f1010dddec7198a95c27f15
-
SHA512
dbe0e141b6cc36138761761940feebaabffbfd45638630ff08242c0f55a3a3ccf32b7f07cac9ce537f28fc952cdf351a672f799a200f272c345f04e89c0bd69b
-
SSDEEP
6144:imbmLppYOuakYGWV5Q4XMxvQ4x1OpGcm9VQl0lM/oJ4/gupXWy7:ima6idv8zzkGHVqoq/gKWK
Behavioral task
behavioral1
Sample
7ebbaa2c0a43e7490253fdef9453897837e9bae07f1010dddec7198a95c27f15.exe
Resource
win7-20240221-en
Malware Config
Extracted
urelas
218.54.31.226
218.54.31.165
Targets
Detects executables built or packed with MPress PE compressor
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-