General
Target: 2c4a628a5226654cc05919b82793c5288b9118cfec5ef2533efd6e9e1774983e
Size: 464KB
Sample: 201112-fy5n4n415e
MD5: 8807472c3daef64ca36a1d9e40401920
SHA1: d6ac413beed93aafa4edb9bbed9cc634aa29021f
SHA256: 2c4a628a5226654cc05919b82793c5288b9118cfec5ef2533efd6e9e1774983e
SHA512: 08489e755b8af4b4bf6bf49c48dbe4110cc7285cad568ddc39fea5bebb562f51a8031731c792b8611412090bbe92cc8286946f7ded80c6bd9649c4176e5657eb
Static task: static1
Behavioral task: behavioral1
Sample: 2c4a628a5226654cc05919b82793c5288b9118cfec5ef2533efd6e9e1774983e.exe
Resource: win7v20201028
Malware Config
Targets
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application