Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
01/10/2024, 02:38
Static task
static1
Behavioral task
behavioral1
Sample
eVOL v21.zip
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
eVOL v21.zip
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
eVOL v21/hack/hack.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
eVOL v21/hack/hack.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
eVOL v21/hack/loader.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral6
Sample
eVOL v21/hack/loader.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
eVOL v21/hack/loader.exe
-
Size
580KB
-
MD5
eb297cd79cc0c4b92adb688affbb9efd
-
SHA1
ffa7aed54ece6612ba7e591fc062b942eb0405bf
-
SHA256
7684812dd545ef5bd833207baf17a9fb4540b6bb42354ce87e2e5e70847c43f3
-
SHA512
e919779f42e67e8cb0aac4e78a07d0cec95da7b36959a2bfa350630a7e63d3e37b53a7273ec3717adf697afdbb6553858833f073a5e566ef13af037dc0d2155e
-
SSDEEP
6144:B6TwqEUgOZoP8MVNgntk6hnI4v9DeFbduWX:BbkroUMrgtk6hBVybgWX
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language loader.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe 2696 loader.exe -
Suspicious use of FindShellTrayWindow 3 IoCs
pid Process 2696 loader.exe 2696 loader.exe 2696 loader.exe -
Suspicious use of SendNotifyMessage 3 IoCs
pid Process 2696 loader.exe 2696 loader.exe 2696 loader.exe