General

Target: Archive.zip
Size: 31.0 MB
Sample: 250119-wdhlqaymfs
MD5: 7c44108772263524b76537edd36402fa
SHA1: 7a32293033878a09e6e1762a62fe1c75756a42fc
SHA256: c92ecc71e8edc4a226441f5af825bb37c4acd3066a9edd2957b9345609afa85a
SHA512: 0c61d323cbbc732cab20fecac73976b0cbdc7f99f08570645080782ad4d07dcb0415822f489abc35a7adbbb3bceaffd787f53a48193e6417e862623dfb25af67
SSDEEP: 786432:8YeDWQP7D4wUVuZX0hqFY9T3VtiLRo9279jltCuVnj:8ZWQP78HVuZX0hqFY9bVk1o927DtC6j
Static task: static1
Malware Config
Targets

Target: Archive.zip (31.0 MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Behavioral signatures for this target:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (the sample decides whether to run based on the victim's locale).
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
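Before detonating an archive like this one, a responder normally does two cheap checks that the report leaves implicit: confirm that the file in hand has the hashes the report records, and see which archive members are PE executables (the payloads behind the "Executes dropped EXE" and "Loads dropped DLL" signatures) without extracting or running anything. The script below is an added example, not part of the sandbox report or of the tool that produced it. It reads a path from the command line if one is given; otherwise it builds a small constructed stand-in archive in memory (the real 31 MB sample is not embedded, so the stand-in's hashes deliberately do not match the report's values). The `PE_EXTENSIONS` list is an assumption about which extensions legitimately carry PE files; everything else with an `MZ` header is flagged as disguised.

```python
"""Offline pre-detonation triage for an archive sample such as Archive.zip.

Added example, not part of the sandbox report. It (1) checks the sample's
MD5/SHA1/SHA256/SHA512 against the values recorded in the report and
(2) lists ZIP members that start with the 'MZ' DOS header, reading only two
bytes per member so nothing is written to disk or executed.
"""
import hashlib
import io
import sys
import zipfile

# Values copied from the report's General section.
REPORT_HASHES = {
    "md5": "7c44108772263524b76537edd36402fa",
    "sha1": "7a32293033878a09e6e1762a62fe1c75756a42fc",
    "sha256": "c92ecc71e8edc4a226441f5af825bb37c4acd3066a9edd2957b9345609afa85a",
    "sha512": "0c61d323cbbc732cab20fecac73976b0cbdc7f99f08570645080782ad4d07dcb"
              "0415822f489abc35a7adbbb3bceaffd787f53a48193e6417e862623dfb25af67",
}

# Assumption: extensions under which a PE payload is expected. An MZ header
# under any other extension (e.g. "Invoice.pdf") is a disguised executable.
PE_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv")


def compute_hashes(data: bytes) -> dict:
    """Hex digests of the sample for the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data: bytes, expected: dict) -> list:
    """Return [(algorithm, computed, expected)] per mismatch; [] means the sample matches."""
    actual = compute_hashes(data)
    return [(alg, actual[alg], want.lower())
            for alg, want in expected.items() if actual[alg] != want.lower()]


def find_pe_members(zip_bytes: bytes) -> list:
    """Report every ZIP member, marking PE files, disguised PE files and encrypted members.

    Encrypted members (a common trick for slipping past mail filters) cannot be
    inspected without the password, so they are reported with is_pe=None.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:   # general-purpose bit 0 = member is encrypted
                findings.append({"name": info.filename, "size": info.file_size,
                                 "is_pe": None, "disguised": False, "encrypted": True})
                continue
            with zf.open(info) as fh:
                is_pe = fh.read(2) == b"MZ"   # only the DOS header magic is read
            disguised = is_pe and not info.filename.lower().endswith(PE_EXTENSIONS)
            findings.append({"name": info.filename, "size": info.file_size,
                             "is_pe": is_pe, "disguised": disguised, "encrypted": False})
    return findings


def build_sample_zip() -> bytes:
    """Constructed stand-in archive: one text file, two honest PE files, one disguised PE."""
    pe_stub = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 100  # DOS header + PE signature
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "Please see attached invoice.")
        zf.writestr("setup.exe", pe_stub)
        zf.writestr("helper.dll", pe_stub)
        zf.writestr("Invoice.pdf", pe_stub)   # PE bytes under a document extension
    return buf.getvalue()


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_zip()
    mismatches = verify_hashes(data, REPORT_HASHES)
    print("hashes match report" if not mismatches else
          "HASH MISMATCH: " + ", ".join(f"{alg} got {got[:12]}.. want {want[:12]}.."
                                        for alg, got, want in mismatches))
    for f in find_pe_members(data):
        tag = ("ENCRYPTED" if f["encrypted"] else
               "PE (disguised)" if f["disguised"] else
               "PE" if f["is_pe"] else "-")
        print(f"{tag:15} {f['size']:>10}  {f['name']}")
```

Run it as `python triage.py Archive.zip` against the real sample; a hash mismatch means the file is not the one the report describes and the signatures above cannot be assumed to apply. The stand-in archive exercises the disguised-extension case, which is the one a quick `unzip -l` would not show.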
MITRE ATT&CK Enterprise v15

Credential Access
- Credentials from Password Stores (T1555), sub-technique Credentials from Web Browsers (T1555.003): 1 matching signature
- Unsecured Credentials (T1552), sub-technique Credentials In Files (T1552.001): 1 matching signature