General
Target: aerochat-setup.exe
Size: 28.5MB
Sample: 241109-m1yrsataph
MD5: f8a347f76db3fb4d272d2e3a48248aa4
SHA1: 89256e855cdcf9a4d2deb73c0c7c1ccfcdd8a93d
SHA256: 885e6675e00a1718b789009c8f3699f4234b9af7f28a5773ef771f861d36da66
SHA512: f1b467031681be1ea5627cc46969cb31622730c75e95e94f18ee74019bdd7960ce70c0128a150f9a4d65004e5306d310bdcc672a0066efc26d1c472a8c49c93d
SSDEEP: 786432:SGvipWnAiQK9q5trS8/4ahN3GAHyHwFwlr:xva6hU5JV4a31FAr
Static task: static1

Behavioral task: behavioral1
Sample: aerochat-setup.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: aerochat-setup.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: aerochat-setup.exe
Score: 7/10

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Legitimate hosting services abused for malware hosting/C2