General
Target: c276255be8c317392e43735e0f707cf9
Size: 1.3MB
Sample: 201214-j29rcelfps
MD5: c276255be8c317392e43735e0f707cf9
SHA1: 8deb38349ef9978a83b8fee521de5e06d2b86052
SHA256: 5fe7d9e94105fcb2dd524faee708442a10c98a98c9ea3b6ef35da17b6f7f4f47
SHA512: ebb335783435b6675751d9efaeb601874df6a21f41f9ac0877afc7ab19a5ef7287fa4f8fc81984396a6ff5e29c5a40449635745e3d51a254096d53398b2dd1a3
Static task: static1
Behavioral task: behavioral1
Sample: c276255be8c317392e43735e0f707cf9.exe
Resource: win7v20201028
Malware Config
Targets
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory