General
-
Target
92ed635d64ccf7f45c6be415da330781a714d2a50cd28a76665e3590e5a52c82
-
Size
2.6MB
-
Sample
240630-mgrt5awemh
-
MD5
146bbdff9871cfc484839ed59b994a2f
-
SHA1
ff44b337bd1ee4439f7d5330d426b1e510113351
-
SHA256
92ed635d64ccf7f45c6be415da330781a714d2a50cd28a76665e3590e5a52c82
-
SHA512
faf3ab3ec5ef9a4f43299937060764940a8f1b6c01309bfda52942dfd9ae9c45e909ed67b0cdbeee8f3c8c9cd88f9d34557427e9c2359dca06c37fe95b565d31
-
SSDEEP
49152:uB7HRCcJmv2aLv6xXV1/+/P3bhu2elmHPOcFl1Co/QeJe1MxtIP44V/ySQ0:W7+2gv6v1ihGcHPFi6pPGh
Static task
static1
Behavioral task
behavioral1
Sample
92ed635d64ccf7f45c6be415da330781a714d2a50cd28a76665e3590e5a52c82.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
92ed635d64ccf7f45c6be415da330781a714d2a50cd28a76665e3590e5a52c82.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
cobaltstrike
http://116.204.24.189:8888/MqQN
-
user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)
Targets
-
-
Target
92ed635d64ccf7f45c6be415da330781a714d2a50cd28a76665e3590e5a52c82
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-