General
-
Target
9b72e407bfb2cab71a87f023aff2c3692893328852044037333a597f71592415
-
Size
252KB
-
Sample
201108-ajbgzhnp36
-
MD5
fef2b1e52220b33ec700d73f59405632
-
SHA1
56bde46cd9d9998fdbf5a1c95036d3a84cf46d17
-
SHA256
9b72e407bfb2cab71a87f023aff2c3692893328852044037333a597f71592415
-
SHA512
32f1f8e64d64ea931d06d91c426bc79bc503a5811e6786c923f7e9c290e94203b4924ec09fa7b4ad074936afafcc25394042b258bd4ee9eb5ec13aaa172f6d04
Static task
static1
Behavioral task
behavioral1
Sample
9b72e407bfb2cab71a87f023aff2c3692893328852044037333a597f71592415.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
9b72e407bfb2cab71a87f023aff2c3692893328852044037333a597f71592415
-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-