General
Target: be7348ac661712d9c6ff32f570af43a435fa88015c48b6a421f3f68d944e943c
Size: 252KB
Sample: 201113-x2v9r2z8qn
MD5: c59e571eb35a179093de7813abea3701
SHA1: 68932d08d79e587684b9bab2c2bbd67e70b6b40d
SHA256: be7348ac661712d9c6ff32f570af43a435fa88015c48b6a421f3f68d944e943c
SHA512: 5d29fd11f7dff221ceaca9949301407655a18a1a1d5ea74461d922107430d66754da0574cbc5b47f2ceaab0941bf6146be33726d8e7d64625ee9b6ed6d2e9281
Static task
static1
Behavioral task
behavioral1
Sample
be7348ac661712d9c6ff32f570af43a435fa88015c48b6a421f3f68d944e943c.exe
Resource
win7v20201028
Malware Config
Targets
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application