General
Target: xfer records serum keygen torrent.7z
Size: 18.2MB
Sample: 241002-refraszelq
MD5: f09c651b93e9f95d179d52e45dcb00ad
SHA1: 0cf9c39097c3eb303675de1ed399fda5f2bcdd33
SHA256: df2ad7b22cc43ffdf7fca650fdecd6cafc901ce5e983bdea15d24cba51c71947
SHA512: 84fc76d686b43ac982f62a1adca93fb7cab8ecb176aeec5caebe36c66ef37ca9b99839f91dd88b05db6565c6fd09e2e9518e91d0ce9e34be2ee43920879b988a
SSDEEP: 393216:PHrjo/u/zPGb+jmBWnJg0ZaDcuxib1N6nDhzX8fJ3Xof4hL81nXPARpA:PHvaurXks60UDdUbLuhot4QhQJXPA/A
Static task: static1
Behavioral task: behavioral1
  Sample: xfer records serum keygen torrent.exe
  Resource: win10-20240404-de
Behavioral task: behavioral2
  Sample: xfer records serum keygen torrent.exe
  Resource: win7-20240903-de
Behavioral task: behavioral3
  Sample: xfer records serum keygen torrent.exe
  Resource: win10v2004-20240802-de
Malware Config
Targets
Target: xfer records serum keygen torrent.exe
Size: 931.4MB
MD5: 4ed75fe9e829767a53f25779a5f3a31e
SHA1: 947eb55f6a633814a233d0ffe7e20aec1aba9241
SHA256: a11f4d9dcb58cd6e184d80e0dc1f7a37c917a9d13526628c577201e12e173b74
SHA512: 7fb8d858fa7ff86c4a7556ca2f7feefee131281139243ca7505bd27f465a40478de3dd541941fe8b2238abddbf633957bb1bf629b5d6d4a9923e272c2b7181d5
SSDEEP: 393216:HxI7BCib8N86a055K6bPD5l2TSawdHTuq3nhDkdpWxIlH9:R7i10rnTy
Score: 7/10
Signatures
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
- Suspicious use of SetThreadContext