General
-
Target
a1ee406d1c88cbb3f4ceabd527b2b8fce144d4187a3b0cf100db8f06dfa533ec
-
Size
15.5MB
-
Sample
210511-ae429shfv2
-
MD5
a6be4e2fbf011eec327a6394b72af75c
-
SHA1
9b5ed8b2a72aeb978019b2bdf105e083c11be184
-
SHA256
a1ee406d1c88cbb3f4ceabd527b2b8fce144d4187a3b0cf100db8f06dfa533ec
-
SHA512
4f3c9fdd96f877fae22ec31ab6ac7163c9b77eb26f7b1c1829d58f077e9e00b6b164dba3eef67432f049682ca01df5048acfb406049d18a72a769c02feb2185c
Malware Config
Targets
-
-
Target
a1ee406d1c88cbb3f4ceabd527b2b8fce144d4187a3b0cf100db8f06dfa533ec
-
Size
15.5MB
-
MD5
a6be4e2fbf011eec327a6394b72af75c
-
SHA1
9b5ed8b2a72aeb978019b2bdf105e083c11be184
-
SHA256
a1ee406d1c88cbb3f4ceabd527b2b8fce144d4187a3b0cf100db8f06dfa533ec
-
SHA512
4f3c9fdd96f877fae22ec31ab6ac7163c9b77eb26f7b1c1829d58f077e9e00b6b164dba3eef67432f049682ca01df5048acfb406049d18a72a769c02feb2185c
Score8/10-
Drops file in Drivers directory
-
Executes dropped EXE
-
Suspicious Office macro
Office document equipped with macros.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-