General
Target: cff9df67e143e90b061018071340e97fcc6a96807ca79ef0c980c3aa0dec8c81
Size: 253KB
Sample: 210511-prpgkg29as
MD5: a4166b3570c3c1165c68c7ceb9aa8c65
SHA1: 6f8637d1f10743a9e43abe646b44b7bb63abc1e7
SHA256: cff9df67e143e90b061018071340e97fcc6a96807ca79ef0c980c3aa0dec8c81
SHA512: 1953a35d3d6174aee555ffee66070ac02799f1410f7ced6692e3856b1b42e5cf5db4093d3f2feaeda5bd6fde568ae1ce97bfc829d69f31b8d89edff798d4d624
Static task: static1
Behavioral task: behavioral1
Sample: cff9df67e143e90b061018071340e97fcc6a96807ca79ef0c980c3aa0dec8c81.exe
Resource: win7v20210410
Malware Config
Targets
Target: cff9df67e143e90b061018071340e97fcc6a96807ca79ef0c980c3aa0dec8c81
Modifies WinLogon for persistence
Modifies firewall policy service
Modifies security service
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application