General
Target
Nouveau Archive WinRAR.rar
Size
41.7MB
Sample
250702-xljz7a1jt2
MD5
a651066b197d335326352e225fecbf67
SHA1
8b71b2e8c34618afeac86c20972e67e75891cfa3
SHA256
930df6f1e4b925b1f458dc5a6aba17b2698c1aba4b049f888b3d27340cf725cc
SHA512
35ed2551539efb57238df07270753340f49bcd5d4e1281efd7c4c7c65a04d0a2c473233e2bc3e3387ef0733da0ff426e59101162d7c11438778564b00d345288
SSDEEP
786432:4Re20fQ8BhFLHNk/6lbwq8FGqBmiv4qmLLA+jAtcTuVzfrRx55dEILrkHQkmCr:MeNfQ8BhEyq5TmLLlUtMuVLFxvdnormi
Static task
static1
Behavioral task
behavioral1
Sample
Nouveau Archive WinRAR.rar
Resource
win10ltsc2021-20250410-fr
Malware Config
Score 10/10
Modifies visibility of file extensions in Explorer
Modifies visibility of hidden/system files in Explorer
Stops running service(s)
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger