General
Target: d60774d9cc7de1ca2e9885c046b783afe88a5a42aae74c71cf48b145fe0fad82
Size: 15.8MB
Sample: 241111-rlf1mszhpd
MD5: 4fafaa256dd55735abfbd2538e14bbf7
SHA1: bb255ee68faea97a42179d575be8b5abc6a282b5
SHA256: d60774d9cc7de1ca2e9885c046b783afe88a5a42aae74c71cf48b145fe0fad82
SHA512: dccd0781f7f17b400ccacdaaca94694d5d59865ac777706056f24ada942947136bb0d73a91c9e928df547f9765edc9af53895ed20cd577bf5e5afdea322e29ea
SSDEEP: 393216:OZMa2/10o5vPN0KbNbdt2gJeEdGSMLwlh8tm7dYdZGyet:OZMa2X5DbTZ3d5WgbKjc
Behavioral tasks
- behavioral1: Sample MADARA Patch/MADARA.exe, Resource win7-20240708-en
- behavioral2: Sample MADARA Patch/MADARA.exe, Resource win10v2004-20241007-en
- behavioral3: Sample tick_win_setup_release_x64_6001.exe, Resource win7-20240903-en
- behavioral4: Sample tick_win_setup_release_x64_6001.exe, Resource win10v2004-20241007-en
- behavioral5: Sample 知软博客 _ 免费分享软件、模板、技术教程的网站.url, Resource win7-20240903-en
- behavioral6: Sample 知软博客 _ 免费分享软件、模板、技术教程的网站.url, Resource win10v2004-20241007-en
Malware Config

Targets

Target: MADARA Patch/MADARA.exe
Size: 721KB
MD5: 99e426c96c1a22c80e253b668fd0ffcd
SHA1: bf3d4d45c9e2338047ea5284b319143def3829b9
SHA256: 5978bd2ca99c60e882ecab317428b78f481df38ac6f482dd27f167dd713018ca
SHA512: 776cfa14f459ab856d8d1ad42a6ffe790e7344c6ffe16421d4a4576ce4bcd8aa0919ff0af2234bf10a645dc2f1647a7833b28b1f161c21e542e6a4a5782d3733
SSDEEP: 12288:xh1Lk70TnvjcDia3KTc0Kr4ZEWFXgeeMBhrkt9qshg49jO332ktNlN4kkXcl:tk70Trc/SKrYQee8hreqQd633vr7aXcl
Score: 3/10
Target: tick_win_setup_release_x64_6001.exe
Size: 15.9MB
MD5: b975591580294c862fe02d31cb3b1c42
SHA1: fcc9665970ea2bb48d6bceff1fee87a88d665b44
SHA256: b9fb296344d4d6cf5e84b2ecff8057a50ada720eac02a03101cd89ffb19e9aff
SHA512: f3d71472a4e5ee7827932a99df26d988552c922c0f7787e4a98373820aad651e328e0cae29366d4768e90ab0a3d5a1f72ba406bf5830d7cb93a609430c3419ee
SSDEEP: 393216:Xkkrj0UBdhXgkhx7Tz2mvGavMWm5IHbaREX56f1Awg:XkkhBx7nJ/v7eSJMh
Score: 7/10
Signatures:
- Drops startup file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking: Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
Target: 知软博客 _ 免费分享软件、模板、技术教程的网站.url
Size: 109B
MD5: ac3c4afed54589efd3b3aeefcd5accfa
SHA1: d27e71153592c3cc0a37431deea12fcc5a1cafef
SHA256: eaad9df71149e87f5c9658f8d739aea43add7f76b590ab801bb6309aecca48ba
SHA512: 97c0f102296442db3d8f5737c81a33bf9ed1cf5eb575f2bbf8a0fc03e9ccbb4077419ab5ca85a0b189474b22067e7320e973d3aa51806a415d343530162f6d54
Score: 1/10