General
-
Target
b2d659ecaaa662f6366cbbef01ea76506632a95d169e6d06dca7fd6452608c94
-
Size
4.5MB
-
Sample
241031-kbmbcavepn
-
MD5
fa31a70b20d5d1666ddd40cf3305e334
-
SHA1
530a9bc75d351810f8e4690a7041339ce255bbe0
-
SHA256
b2d659ecaaa662f6366cbbef01ea76506632a95d169e6d06dca7fd6452608c94
-
SHA512
5cfe701112133127ac73a302ac9a1ce3f1f6da42d60fffed1007f9931cb47bcd6d0d5557a25faaecf1c692d1f70916cc6c1136619703f9c71c171663377b9fa0
-
SSDEEP
49152:1z6XIrSYssIOfbCcWYLdNBpQkdmTlrg12d8xfMHFnJgxy5CVB0cEWxPZ/xHdbrsi:1+Pc2Q2d6Ml6xBB0nWxPZDuJWP
Static task
static1
Behavioral task
behavioral1
Sample
b2d659ecaaa662f6366cbbef01ea76506632a95d169e6d06dca7fd6452608c94.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
b2d659ecaaa662f6366cbbef01ea76506632a95d169e6d06dca7fd6452608c94.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
b2d659ecaaa662f6366cbbef01ea76506632a95d169e6d06dca7fd6452608c94
-
Score
8/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-