General
- Target: 98512fdc1d3b34e2196ca5b34e14f29c.exe
- Size: 4.8MB
- Sample: 241005-hs3csa1hpr
- MD5: 98512fdc1d3b34e2196ca5b34e14f29c
- SHA1: 460f2bbed2bc7419c1664d7f8a9e284e5b9bea83
- SHA256: 1478772a2208da0b42fd08d2e4f3506259d09c50b5af093471d6c874bf19b399
- SHA512: ba83759ab4a14007c8344fa665329898d520f640cfab6ec7b177b191f423aa9ec9d07577d64fe11d3cbf56be1744f2e66c1fd0c8a6529fd867377e62445cd6a0
- SSDEEP: 3072:patWqvozZqlXS99bMRfCh+T5bOCYEu05ukO3JJ:pMWqcIXS99bMZ5sCYE7O3P
Static task: static1
Behavioral task: behavioral1
- Sample: 98512fdc1d3b34e2196ca5b34e14f29c.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 98512fdc1d3b34e2196ca5b34e14f29c.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted: gurcu
- https://api.telegram.org/bot7935489665:AAE2XyOo-0CSgW-NXoz80QphaaOkmebwR5Q/sendMessage?chat_id=-4573656473
- https://api.telegram.org/bot7935489665:AAE2XyOo-0CSgW-NXoz80QphaaOkmebwR5Q/sendDocumen
Targets
- Target: 98512fdc1d3b34e2196ca5b34e14f29c.exe
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Persistence
- Event Triggered Execution (1): Netsh Helper DLL (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Privilege Escalation
- Event Triggered Execution (1): Netsh Helper DLL (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1): Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers (1)
- Unsecured Credentials (2): Credentials In Files (1), Credentials in Registry (1)