2bb2c59d97f7aa971f1fcd7518fcf4331550029765b0943f84d32d5eec603760

General

Target

7loader.7z
Size

7KB
Sample

241120-gjls1axken
MD5

4587bf3746a5674a1797ea7fe50d0893
SHA1

ea740da047d03d09b69417f6453d953392efc749
SHA256

2bb2c59d97f7aa971f1fcd7518fcf4331550029765b0943f84d32d5eec603760
SHA512

ef589aa9da32570e7c144aa56e283b67705b242bff2c846ae7a443185ad33153bf7024df2eeee17659a5cd8aadd04271e46d3afc792586c29e37448c08666b9f
SSDEEP

192:3l6hiBbdX0HxDL1zGP6uIefpImEXf6QKzntNFA:168BRX0HxDLJHuI0pIszXy

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  7loader.7z
- Size
  
  7KB
- MD5
  
  4587bf3746a5674a1797ea7fe50d0893
- SHA1
  
  ea740da047d03d09b69417f6453d953392efc749
- SHA256
  
  2bb2c59d97f7aa971f1fcd7518fcf4331550029765b0943f84d32d5eec603760
- SHA512
  
  ef589aa9da32570e7c144aa56e283b67705b242bff2c846ae7a443185ad33153bf7024df2eeee17659a5cd8aadd04271e46d3afc792586c29e37448c08666b9f
- SSDEEP
  
  192:3l6hiBbdX0HxDL1zGP6uIefpImEXf6QKzntNFA:168BRX0HxDLJHuI0pIszXy
Score

3^/10

discovery
behavioral1
- Target
  
  1/7loader.exe.vir
- Size
  
  44KB
- MD5
  
  2d538ba85d41c6a385e872201429380a
- SHA1
  
  aab6d07ea5390836a54b12c6836eb1106d7e9a44
- SHA256
  
  9c45ca71fda5862789cd866127e766b941de1f690b91144c1d4c1d967d1dc050
- SHA512
  
  76bc7b5b0a45147b23bac99bd7fc986c8bd407291cddffa9edf25ff88d9e8334221a48d9ab62c9bf37ab9eb7375b4ec4d2729ddeac7209c499e104f878168451
- SSDEEP
  
  384:V0KxGphJ6zC2eEF/dHoCkX73hDsSfkksLxG5wrNv+a2VSDSaVrr:+6zCY/+X7kpG5wrNGa2VSDSal
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral2
- Target
  
  2/7loader.exe.vir
- Size
  
  21KB
- MD5
  
  489d2bb73c3c5b44e0f315b2ce9381b3
- SHA1
  
  4b08586aee68bee50c1f5aaadf1afafe30743b48
- SHA256
  
  849ae339eb4480f2f3187b50c1413e187bed698b2a196e515eb219244e2e8dd8
- SHA512
  
  1eec009178f92f3d4cd6813aa17a6a55c1ddb174811cca662f709e45a23ccc5ce847238f442aa1bca7edc2e4c9865fb0f32781df5d7d7f8ca9c78190c025fdec
- SSDEEP
  
  384:V0KxGphJ6zC2eEF/dHoCkX73hDsSfkksLxG5wrNv+a2VSDSaVrr:+6zCY/+X7kpG5wrNGa2VSDSal
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral3