General
-
Target
e7662182c984884cdf7c0c436538bc82cb1d8f91c2d6bfe0cec1ba9b3d63c259
-
Size
252KB
-
Sample
200624-qfvsdx4gpa
-
MD5
35c2ab412dfd7fc5bf810f1d0bd5b3d8
-
SHA1
7c960e5b4cb45213d4a3d208ee62d96696a7f936
-
SHA256
e7662182c984884cdf7c0c436538bc82cb1d8f91c2d6bfe0cec1ba9b3d63c259
-
SHA512
82f8afe7e6f0bbc56a00af329413c4c20db41b958e177d0555d59dfa21b97265f8b257fcc08e02bfc04c97104484a223b6c0aba90293667d0507fac1e8eb548d
Static task
static1
Behavioral task
behavioral1
Sample
e7662182c984884cdf7c0c436538bc82cb1d8f91c2d6bfe0cec1ba9b3d63c259.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
e7662182c984884cdf7c0c436538bc82cb1d8f91c2d6bfe0cec1ba9b3d63c259.exe
Resource
win10v200430
Malware Config
Targets
-
-
Target
e7662182c984884cdf7c0c436538bc82cb1d8f91c2d6bfe0cec1ba9b3d63c259
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Adds Run key to start application
-