General
-
Target
microsoft-teams.exe
-
Size
1.4MB
-
Sample
241119-sz2d6sxmhs
-
MD5
092bff0405ab418fe22c565e231be2ba
-
SHA1
8aef2b7d83b3d5ae55b24f25ab6621bb2dea9287
-
SHA256
156cafa6da98a57e481aab74ef748726bd4dce2912536fb59e65d9a57a3ae7a7
-
SHA512
ea88a6265562f56914c68deb0f86f115b170b36297afa45bb59c3777ec056d50598ee055d7a3c1e10a6a24f84e96ece69a594715e43c9aa28ab76e63fc8da5f0
-
SSDEEP
24576:4NYuPOTryV7OXRiYZgJw2K9KS74fVyhfP0dhyaz/PxSbQOUP8oSf37Z3/UyD:MOX6743ZvFKS74Nwfahyazx0LZ3jD
Static task
static1
Behavioral task
behavioral1
Sample
microsoft-teams.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
microsoft-teams.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
microsoft-teams.exe
-
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-