General
- Target: 6d26ff2d60cff8ff8e56f24f0d7694a2a72a95fda84d004d4c5c437fa5194842
- Size: 252KB
- Sample: 201106-n57af5hmwn
- MD5: f89151e3ab89cf2d4f47c7e8b7a5b0d7
- SHA1: 913a1329b8e015ec6950f28334ffbb7d54b72992
- SHA256: 6d26ff2d60cff8ff8e56f24f0d7694a2a72a95fda84d004d4c5c437fa5194842
- SHA512: 26498d0bba4ab01997f648fd95c470cf8fc2bb987732dfd2e413a58c5f192b16eade176243381d974d71f05d64342f322ae73799ffb0cda57ecc2c9a42ac0167
Static task
static1
Behavioral task
behavioral1
Sample
6d26ff2d60cff8ff8e56f24f0d7694a2a72a95fda84d004d4c5c437fa5194842.exe
Resource
win7v20201028
Malware Config
Targets
- Target: 6d26ff2d60cff8ff8e56f24f0d7694a2a72a95fda84d004d4c5c437fa5194842
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application