General
-
Target
add85eece3a0a1d773d43a3e401ae5d7d9db2df82e2e28acb96de6771710122c
-
Size
283KB
-
Sample
201106-4f6gbsv4ax
-
MD5
a96bbe28f01b35c25f6dfa60e8f01c82
-
SHA1
6edcde73a83ab3b839f828791f214bd4e1bba077
-
SHA256
add85eece3a0a1d773d43a3e401ae5d7d9db2df82e2e28acb96de6771710122c
-
SHA512
04f69746c86634e14aeab3a4c128d966988bda87d87243e0013dc452be403f89ae4f720c03a2dd04229070322a20f533342305801e0e94cfac779a208efc8780
Static task
static1
Behavioral task
behavioral1
Sample
add85eece3a0a1d773d43a3e401ae5d7d9db2df82e2e28acb96de6771710122c.exe
Resource
win7v20201028
Malware Config
Targets
-
Target
add85eece3a0a1d773d43a3e401ae5d7d9db2df82e2e28acb96de6771710122c
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-