41e34fc76fd43a06cc56b223578beed100702dc5090285093f7d3fb1b61fe729

General

Target

Downloads.7z
Size

25.2MB
Sample

240626-1lvy8sybql
MD5

38d8194d58005b4f05e462a5071e856e
SHA1

9f360bc3a31b2b297f1ea61204cca2eeac1dd591
SHA256

41e34fc76fd43a06cc56b223578beed100702dc5090285093f7d3fb1b61fe729
SHA512

dcc6cadb3bc4840128694f181c120c1ecd470374cfaffa39494a06bc845e2b06e24c90be64b2872931cf9de8235ed6d9c28b569a62f8d6420db056bbfa708b04
SSDEEP

786432:6ueeCyWnItwHhMoJd8UChYSu/Dnr0CgkrU5EhGGNB:6OZWnIiHa/PuPla5EhGGX

Score

6^/10

Malware Config

Targets

- Target
  
  main.py
- Size
  
  857B
- MD5
  
  b5a2a4002a544f362640e5515ac5b33c
- SHA1
  
  395dd9b9d6d9698b8e88897f4c68c21d76b2ae67
- SHA256
  
  483136dd4c00841ea0091676acf194a97ffc37ed4cb9774c68c30842da55e4eb
- SHA512
  
  5dfe9ae5f77d3c4d730e7b37cd0e62bdb652ccc72e30452762c12a370828cae9aa5101c0348fbdf479e3456151e7fdcfe874c749d8410a03d9ad3920d56fc6ee
Score

3^/10
behavioral1 behavioral2
- Target
  
  python-3.12.4-amd64.exe
- Size
  
  25.5MB
- MD5
  
  f3df1be26cc7cbd8252ab5632b62d740
- SHA1
  
  3b1f54802b4cb8c02d1eb78fc79f95f91e8e49e4
- SHA256
  
  da5809df5cb05200b3a528a186f39b7d6186376ce051b0a393f1ddf67c995258
- SHA512
  
  2f9a11ffae6d9f1ed76bf816f28812fcba71f87080b0c92e52bfccb46243118c5803a7e25dd78003ca7d66501bfcdce8ff7c691c63c0038b0d409ca3842dcc89
- SSDEEP
  
  786432:zRd0l0X/46+nq1rcVqA5Z2bQcLsv0GlYrJF55e2nRk:L5P46+q1QTILMKB5e2nRk
Score

6^/10

discovery persistence privilege_escalation
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral3 behavioral4