General
- Target: 2bdb0e32-40ae-4dc8-a13d-57ca834ee879.zip
- Size: 3.0MB
- Sample: 210422-cqak1bhsbx
- MD5: a2202abffb7ae5c6ef5dd16c74641085
- SHA1: d2824f178fd2544198b5527e5e63e760e526cf42
- SHA256: a98f3507b6a0cda364d41e882fe140d34befe082047ba9d67132e8093146c281
- SHA512: 1cb620d80dc8871f065424f9e6dc75ebd5ad718697c89182314f7e8a11db97d2d93ee5f659f7bffef1d574fc97959b29c0bad22c64a72b7f085681c3f1890e23
Static task: static1
Behavioral task: behavioral1
- Sample: comprovante.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: comprovante.exe
- Resource: win10v20210410
Malware Config
Targets
- Target: comprovante.exe
- Size: 5.3MB
- MD5: 2f28d85d5893201875c2b9116ce0e159
- SHA1: 1b1673e295cf3ca34efde7e0e3ce8ae331dbf166
- SHA256: eec0954dcf773f42f0dad7b7ba895b59c201d2fa7d659c8fb4263a12ce32ec05
- SHA512: fdd97316559707a62e6793711fbd078e6138565fd36457ee07e9f9eb2bc17038235759ba297fe0880e2d6c05f8a616d880c9155ac3a57117322a5ab1a29917fc
Score: 10/10
- Adds policy Run key to start application
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext