General
-
Target
24.9.3 pass is 1.zip
-
Size
8.6MB
-
Sample
241101-f16dasvrdy
-
MD5
5b2e26263a34768be4d27555af3c2ebc
-
SHA1
93ae29885db891ee0b0e02f239e27f341eeb6d4b
-
SHA256
a4a7c59d9fef34c1d28ab6fe2633512072c694455af1252ffac0d221bc8aef8d
-
SHA512
c254667787d08bb4254ad7bc2b746f2c33eca22ffbe3dcb5f4c6bf77a3cedfe3e2cb11add8dbe7ed8959791e10f4a86e74efe02bdc50afb5b5b002d46aa448e7
-
SSDEEP
196608:W/EQJ9M0g36VumYIMhFujmzEOhM5wxp2ueJetCyo+1:W/HCKgd+jSOApy+Cg
Static task
static1
Behavioral task
behavioral1
Sample
24.9.3 pass is 1.zip
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
24.9.3 pass is 1.zip
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
24.9.3 pass is 1.zip
-
Score
8/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-