General
Target: f119f1e813cdb8dba30bd3348ef97cd8bf5213b3e1a9f25f008337e8b34eaee5msi.msi
Size: 1.5MB
Sample: 240923-vqyysstgqj
MD5: 5ba3dd339379dd640002ca9dee880ce0
SHA1: d68b36f919b3f131f7c25c0d0cfa0ee22f79aa23
SHA256: f119f1e813cdb8dba30bd3348ef97cd8bf5213b3e1a9f25f008337e8b34eaee5
SHA512: 3527a3f738e084c8522d8976594eb9d3d38642296b9794b6e58ea1a40850c52794e498fb72f997695d12aac800327370edccc2b6fcc97d3d4ab76b1ca4fb66ed
SSDEEP: 24576:A5LWW2cDo6vLV15xTHfCIr43Hm2pDA9mtByVcNPEuXggR89g:OKW306vLV15AFGJ9uB0cBRXfp
Static task: static1
Behavioral task: behavioral1
Sample: f119f1e813cdb8dba30bd3348ef97cd8bf5213b3e1a9f25f008337e8b34eaee5msi.msi
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: f119f1e813cdb8dba30bd3348ef97cd8bf5213b3e1a9f25f008337e8b34eaee5msi.msi
Resource: win10v2004-20240910-en
Malware Config
Targets
Detects PikaBot botnet

Blocklisted process makes network request

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext