General
-
Target
76fac0cb520aad753444d15fe7954cf78ecdf57a6302906f79d308bcf3df9cd6
-
Size
736KB
-
Sample
210511-ctaphpq4g2
-
MD5
c546c3296ac7313a1b01d4e6f39d8ce7
-
SHA1
d042c7e225a1094b30494080729612c8c16383ba
-
SHA256
76fac0cb520aad753444d15fe7954cf78ecdf57a6302906f79d308bcf3df9cd6
-
SHA512
06bfa460148df400d7a55158afef6c903d6a4f215dc0423171c55ff2e3fb16fbdd982cdb42cf0832a55cd78dc5056b148623125bfc2dcf933d1f95b1f579e46d
Static task
static1
Behavioral task
behavioral1
Sample
76fac0cb520aad753444d15fe7954cf78ecdf57a6302906f79d308bcf3df9cd6.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
76fac0cb520aad753444d15fe7954cf78ecdf57a6302906f79d308bcf3df9cd6.exe
Resource
win10v20210410
Malware Config
Targets
-
-
Target
76fac0cb520aad753444d15fe7954cf78ecdf57a6302906f79d308bcf3df9cd6
Score
10/10
-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-