General
-
Target
e1e4dd8b0070f16a5a6e831ff85b128fc57e452b07e192655921250fc060e9ab
-
Size
10.7MB
-
Sample
210504-2b1s5ztjqj
-
MD5
cd096364a7358e56a1688637fa8e7da5
-
SHA1
30e1df1ecfcebdd22cf2f0a574d9caf7ef0f6e86
-
SHA256
e1e4dd8b0070f16a5a6e831ff85b128fc57e452b07e192655921250fc060e9ab
-
SHA512
a6fe50f9300518baa4611d831d3947870771022701a6d32a9c4896bd889246e018b5bba8adb6a5e744de3bbd9b6b9a7b1356b68fddea161193344c07fdb5db9a
Static task
static1
Behavioral task
behavioral1
Sample
e1e4dd8b0070f16a5a6e831ff85b128fc57e452b07e192655921250fc060e9ab.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
e1e4dd8b0070f16a5a6e831ff85b128fc57e452b07e192655921250fc060e9ab.exe
Resource
win10v20210408
Malware Config
Targets
-
-
Target
e1e4dd8b0070f16a5a6e831ff85b128fc57e452b07e192655921250fc060e9ab
-
Size
10.7MB
-
MD5
cd096364a7358e56a1688637fa8e7da5
-
SHA1
30e1df1ecfcebdd22cf2f0a574d9caf7ef0f6e86
-
SHA256
e1e4dd8b0070f16a5a6e831ff85b128fc57e452b07e192655921250fc060e9ab
-
SHA512
a6fe50f9300518baa4611d831d3947870771022701a6d32a9c4896bd889246e018b5bba8adb6a5e744de3bbd9b6b9a7b1356b68fddea161193344c07fdb5db9a
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-