General
-
Target
e1813b54272346a48364e789cb04bad5e292cbf3cc16057dc6435e965b377c0c
-
Size
48KB
-
Sample
241111-zr7pjsweqj
-
MD5
d83cac8ac77e88472b7d1a46b4bdc006
-
SHA1
ae5b4606463ca36ae8785bfcbc47cc4dee9b1fb0
-
SHA256
e1813b54272346a48364e789cb04bad5e292cbf3cc16057dc6435e965b377c0c
-
SHA512
a1460605dccd2540394f8f3ee8ec0c2e1ffd8ffe42c25f72470089da247ebc7ef1587372847e42bab901dbdf665596dfd658b44ac04ae1d0f2adb8165be2922e
-
SSDEEP
768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67QhPC:Ub1MsHz3JDwhyWr+N95OTga67
Behavioral task
behavioral1
Sample
e1813b54272346a48364e789cb04bad5e292cbf3cc16057dc6435e965b377c0c.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
e1813b54272346a48364e789cb04bad5e292cbf3cc16057dc6435e965b377c0c.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
runningrat
120.79.191.234
Targets
-
-
Target
e1813b54272346a48364e789cb04bad5e292cbf3cc16057dc6435e965b377c0c
-
Size
48KB
-
MD5
d83cac8ac77e88472b7d1a46b4bdc006
-
SHA1
ae5b4606463ca36ae8785bfcbc47cc4dee9b1fb0
-
SHA256
e1813b54272346a48364e789cb04bad5e292cbf3cc16057dc6435e965b377c0c
-
SHA512
a1460605dccd2540394f8f3ee8ec0c2e1ffd8ffe42c25f72470089da247ebc7ef1587372847e42bab901dbdf665596dfd658b44ac04ae1d0f2adb8165be2922e
-
SSDEEP
768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67QhPC:Ub1MsHz3JDwhyWr+N95OTga67
Score8/10-
Server Software Component: Terminal Services DLL
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Creates a Windows Service
-
Drops file in System32 directory
-