General
-
Target
60f7c2d61a09e10204c2c6b359f2d87f3714ebff676a92d38da0af160c738690N
-
Size
836KB
-
Sample
241031-pfwg2aybjh
-
MD5
2b89f539fc49781f2fc6d8debf491c90
-
SHA1
227e1d6ff55aac9d09a30050cbe7acabd6df2968
-
SHA256
60f7c2d61a09e10204c2c6b359f2d87f3714ebff676a92d38da0af160c738690
-
SHA512
bd8a5af726503b17ec860745a4adf39c85c4be92a7c4e545318538bbc52e0f3052d207fe600e5d88cb8a04256867bcb4ae6d541518ed3136afe7c5ce2ae2de02
-
SSDEEP
24576:OXhejYBQ1sKjVdXgf9lHWstDV8ScB0RpVCg5Ev7ixMmJ:CtKjV6f9lHltDVbcmPoixr
Static task
static1
Behavioral task
behavioral1
Sample
60f7c2d61a09e10204c2c6b359f2d87f3714ebff676a92d38da0af160c738690N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
60f7c2d61a09e10204c2c6b359f2d87f3714ebff676a92d38da0af160c738690N.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Laryngectomize/Listeprisernes.ps1
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
Laryngectomize/Listeprisernes.ps1
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
60f7c2d61a09e10204c2c6b359f2d87f3714ebff676a92d38da0af160c738690N
-
Size
836KB
-
MD5
2b89f539fc49781f2fc6d8debf491c90
-
SHA1
227e1d6ff55aac9d09a30050cbe7acabd6df2968
-
SHA256
60f7c2d61a09e10204c2c6b359f2d87f3714ebff676a92d38da0af160c738690
-
SHA512
bd8a5af726503b17ec860745a4adf39c85c4be92a7c4e545318538bbc52e0f3052d207fe600e5d88cb8a04256867bcb4ae6d541518ed3136afe7c5ce2ae2de02
-
SSDEEP
24576:OXhejYBQ1sKjVdXgf9lHWstDV8ScB0RpVCg5Ev7ixMmJ:CtKjV6f9lHltDVbcmPoixr
Score10/10-
Guloader family
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
Laryngectomize/Listeprisernes.Fak
-
Size
53KB
-
MD5
e4f72073cc7b121ef1e77875b5c3aa40
-
SHA1
eb3ace1b3dd416dbcdec1ae6a1ee3d20227ae6fd
-
SHA256
0a8ab46fd80e222c9f3e2ec4cf38c67ae7adf4f09e40709bbba2c2e3ee785f43
-
SHA512
662b9d35f71c99eea7187332363de7d6ea3ab54e1e6b0800f2162b6984949fdf7bebecf26d8db89a9438e532a2d2229a5110b201d814a1853d851f229065306a
-
SSDEEP
1536:ElXR51ki9AdNwV/NK2HnznYzlt+UY8vECtZfk4:0rzeTC//LYzltb6eZ84
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-