General
Target: 1b03aebe5337ec9316e07524a268725df40fc2f85a6d4ff1d51a1ec93d025b6c
Size: 252KB
Sample: 201112-dbs6ezvycn
MD5: 8813c24e9cc0aff01a5e3a258f6fd95b
SHA1: be5f895d6378496c98341952c969b718ba191d42
SHA256: 1b03aebe5337ec9316e07524a268725df40fc2f85a6d4ff1d51a1ec93d025b6c
SHA512: 635dc0e1c2ab29c099131fffdd9860b4d8ec1618365a711fa02591d5a14cd11b7fa12cb2d70a76c96feacbd6a2f132320a20294f04d0827c75ee661a93fcb905
Static task: static1
Behavioral task: behavioral1
Sample: 1b03aebe5337ec9316e07524a268725df40fc2f85a6d4ff1d51a1ec93d025b6c.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 1b03aebe5337ec9316e07524a268725df40fc2f85a6d4ff1d51a1ec93d025b6c.exe
Resource: win10v20201028
Malware Config
Targets
Target: 1b03aebe5337ec9316e07524a268725df40fc2f85a6d4ff1d51a1ec93d025b6c
Score: 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Adds Run key to start application