General
-
Target
1645c2363ce737ed44c495400344f843f1ddc7cf913a682694b5e2683f1d8a95
-
Size
326KB
-
Sample
240803-aaxqkswcmq
-
MD5
507b8693f8cec7b03f1da71c816e97fe
-
SHA1
ddd0beddab6804abcf59f3c167d6079fc36a38ef
-
SHA256
1645c2363ce737ed44c495400344f843f1ddc7cf913a682694b5e2683f1d8a95
-
SHA512
8da841fed2f0ea1d41219b506dfee26d3b6d5b1a2e6c5eac1be0589637a3e1646215a0d87f98b3750db4de050d47d51144b6cc3d4e33072d9be9b74272097da5
-
SSDEEP
6144:SCGaECnpAoDO1A8dg3iTPJLMfgQZX+tJs0dxMSz:DGHCnaomAEg3uPdkgOX+tZdxMSz
Static task
static1
Behavioral task
behavioral1
Sample
1645c2363ce737ed44c495400344f843f1ddc7cf913a682694b5e2683f1d8a95.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
1645c2363ce737ed44c495400344f843f1ddc7cf913a682694b5e2683f1d8a95.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
cobaltstrike
http://43.142.138.45:10002/uKe8
-
user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2)
Targets
-
-
Target
1645c2363ce737ed44c495400344f843f1ddc7cf913a682694b5e2683f1d8a95
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-