5cd50d57a32b96d16db5abb18023bc202afffbb894060ef2f0d59f03f65a906e

General

Target

d4454w.zip
Size

38.1MB
Sample

241101-vgwr3stcjq
MD5

b12334681569b2d4f90957bb0b7dab09
SHA1

7eee54bc6591053ac576626a74aa0870858e641a
SHA256

5cd50d57a32b96d16db5abb18023bc202afffbb894060ef2f0d59f03f65a906e
SHA512

0017b5268f1a236d031955c39dd4aa9eb5446fab12b46f70ee2e10a0fcc86e9d81244af90cdd01f4545a7d6a92944e1c0d83a376ab05e2dd12d7807ba8bd8850
SSDEEP

786432:D2FT1tJzZfH7vc8gdlHGH3HbQFYdphLSwrSQnAMaVyXn0ClgWM:q51tJzZ/IZdlmHrQFYdXOwrSQSeFM

Score

8^/10

Malware Config

Targets

- Target
  
  7zxa.dll
- Size
  
  74.0MB
- MD5
  
  07d13871d87503aeae53933e96f19092
- SHA1
  
  43db90420c6d4ad3ab82673e98cc26bf1ddd6818
- SHA256
  
  671246f3727180c5786222ac6571a2920c87c2f8949308cb555e46779d99c4bd
- SHA512
  
  3cecd709028e158b6b410dd9a711d496a7e4c2a86c0ba8a3a5d0e51eb0684ef2cb6a74ab29c1bbb47c01232c46a10db5b87bba1c9183097dcbcdc32d26d7e1e7
- SSDEEP
  
  393216:uUxdJAw7DhnN169W7sJa+kIUyNP4Tstvx/QYqHx4AJIa5yJBz7h8zxPtYLx5mYfW:duWQASLQqIBx4gIaIp8zxtYd5mYfc
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  CSRPS.dll
- Size
  
  415KB
- MD5
  
  dac35720be4d4105234c4c99208c43d9
- SHA1
  
  ca13aec5182035ac053004d51ddf4ec9a018b494
- SHA256
  
  dadf7277164ac0d065fead44b1ed3e3fd9bccca39315ab35def952036a0b0b80
- SHA512
  
  e4fff267040503457de828fafaf73c7a1c095ff87e85bd6cc9d1991193a8a1e51faef1ddf9ea5400849a6aaba9793dd9ffa68e032a293acd134f3274d05aa525
- SSDEEP
  
  12288:UtoqntFyEUT4agzv5asqKIBqbGoLJV3Tvl8M8CIh5:UtoctFrUTVg9asqKgOxJV3T6DCU5
Score

1^/10
behavioral3 behavioral4
- Target
  
  CSRPS.exe
- Size
  
  9.1MB
- MD5
  
  74d3f521a38b23cd25ed61e4f8d99f16
- SHA1
  
  c4cd0e519aeca41e94665f2c5ea60a322deb3680
- SHA256
  
  1d822b3faabb8f65fc30076d32a95757a2c369ccb64ae54572e9f562280ae845
- SHA512
  
  ec1c8b0eb895fd8947cad6126abc5bca3a712e42475228b9dcb3496098e720abb83d4cba4621edbd8d3ad7f306a5f57ced9c2c98fe2c2d0c8ebbbf99d7faf0f1
- SSDEEP
  
  196608:bmFQso3Id5AypjCIN325pMKhQaLh6sOo5LZvqy1f:OQseId5AyZIpMKVLhJtJqS
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  unrar.dll
- Size
  
  174KB
- MD5
  
  4289541be75e95bcfff04857f7144d87
- SHA1
  
  5ec8085e30d75ec18b8b1e193b3d5aa1648b0d2e
- SHA256
  
  2631fcdf920610557736549e27939b9c760743a2cddec0b2c2254cfa40003fb0
- SHA512
  
  3137a7790de74a6413aca6c80fd57288bcc30a7df3a416f3c6e8666041cd47a9609136c91405eee23224c4ae67c9aebbba4dd9c4e5786b09b83318755b4a55fd
- SSDEEP
  
  3072:4Jb18kAn0/QVt5ch1fIBNXaQpZj1JtmosqpdFBVhz3s5xqW3W5/9rSgvWFI:g58kA0/QVPch1QXK6HmosyBhY62Y9Lee
Score

3^/10

discovery
behavioral7 behavioral8