General
-
Target
da0a4e16ef4baf46f27e666e9b4547cdf17eafad3caa235df6c29a52d3da8d0a
-
Size
349KB
-
Sample
201112-v9a45tfk9n
-
MD5
0ca4a66815d475d75e3fd325e76aa84b
-
SHA1
5099648cc97e3354de1571a932cad705134c38aa
-
SHA256
da0a4e16ef4baf46f27e666e9b4547cdf17eafad3caa235df6c29a52d3da8d0a
-
SHA512
e51afb53aa5a95f4080fcbe3bbe940ca741dc4a370ab8c0edf7a8c8c7c1fda6a2c5bbd210d35663018855382265a5fb1b0abec75e1ebc1ab9677a6c2be09d233
Static task
static1
Behavioral task
behavioral1
Sample
da0a4e16ef4baf46f27e666e9b4547cdf17eafad3caa235df6c29a52d3da8d0a.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
da0a4e16ef4baf46f27e666e9b4547cdf17eafad3caa235df6c29a52d3da8d0a.exe
Resource
win10v20201028
Malware Config
Targets
Target
da0a4e16ef4baf46f27e666e9b4547cdf17eafad3caa235df6c29a52d3da8d0a
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-