General
  Target: iplasetup.exe
  Size: 39.8MB
  Sample: 240803-prlrzaxhlf
  MD5: e872bca75b21b9fd7ea0ccd762d399d9
  SHA1: aac2a9bf68f87fc237ac121085328071e108ed2a
  SHA256: 26af88cdc77ebe6ae1ac8d015658b05d93df4a4504ae6ab61919008e891d22af
  SHA512: 3bc06f126d92bbd6e8f8f19a90632ba9e0b3232a62ec94db021ffa987efe48c63df671ad47805e43f5878916a1f7ec8ede5808d38cb641737ebcbad1c62535ef
  SSDEEP: 786432:2aiqD9o7TuCV0GvGEpjWWHAxsD8TgdyCCD06KsEKjwUzAqhyNjg797+zr2sZW:2ko7J5eoE4WqTm0ABwY7hy9gp7+X2sk

Static task: static1

Behavioral task: behavioral1
  Sample: iplasetup.exe
  Resource: win10-20240404-en

Behavioral task: behavioral2
  Sample: $TEMP.dll
  Resource: win10-20240404-en
Malware Config

Targets

Target 1: iplasetup.exe
  Signatures:
  - Detects Strela Stealer payload
  - ACProtect 1.3x - 1.4x DLL software: detects a file using ACProtect software.
  - Executes dropped EXE
  - Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
  - Loads dropped DLL
  - Adds Run key to start application
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
  - Drops file in System32 directory
Target 2: $TEMP
  Size: 5KB
  MD5: db40175690a780def9e6c6327654be11
  SHA1: 703c074a625fad245300fb97657f640e91ce36d6
  SHA256: 08a4ab71158afdaea82ae1f5670ae87b0b03facd606db26d4861c178b630cec2
  SHA512: 17012e166365a48a7dcc92aa9f4d67e6fafa347eb637f434d99a4f0f62fd6a438eb21e98aff18f04cc56e3d91e97022a2bf4ef35278d9d15146dbeab6d3c5c7a
  SSDEEP: 96:FnGNpgIYetuYR/8oJ00/NF73XK9FoyC7tCElY:FGNpueUY91JnP6
  Score: 3/10