General
-
Target
clarinet_sound.wav
-
Size
187KB
-
Sample
241120-t29n1atphj
-
MD5
cc3076fd52cb56a0e8b5736edf9355c7
-
SHA1
deaa3a347763021649e8aae1c5c5f23b8f8a8143
-
SHA256
d3b1623d3be54832a44b509d1d0b7a8685abeea26b42c7e09a87467927dd8f7b
-
SHA512
ab54ea1315d70f88e4f7c0afc4f321ccfd056daeb77a53644eb8f31ee82aeef47a0af9d109fc95b779add7f61e900d6f703d9781370a251b5adb54962e540519
-
SSDEEP
3072:uul7lHZycwPgqmt+iGTvIiA6/N6HJatSHvArukZHbVdJy6ynEQ1irxAw0O:uyVcGqu+pv7ACNhgH+Fy6T
Malware Config
Targets
-
-
Target
clarinet_sound.wav
-
Size
187KB
-
MD5
cc3076fd52cb56a0e8b5736edf9355c7
-
SHA1
deaa3a347763021649e8aae1c5c5f23b8f8a8143
-
SHA256
d3b1623d3be54832a44b509d1d0b7a8685abeea26b42c7e09a87467927dd8f7b
-
SHA512
ab54ea1315d70f88e4f7c0afc4f321ccfd056daeb77a53644eb8f31ee82aeef47a0af9d109fc95b779add7f61e900d6f703d9781370a251b5adb54962e540519
-
SSDEEP
3072:uul7lHZycwPgqmt+iGTvIiA6/N6HJatSHvArukZHbVdJy6ynEQ1irxAw0O:uyVcGqu+pv7ACNhgH+Fy6T
Score8/10-
Downloads MZ/PE file
-
A potential corporate email address has been identified in the URL: [email protected]
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Mark of the Web detected: This indicates that the page was originally saved or cloned.
-
Network Service Discovery
Attempt to gather information on host's network.
-