General
-
Target
61b13ba149c9d9968c71277bb6f904837c1b3b498c7fd584675b461e79947ab6
-
Size
649KB
-
Sample
210511-x1cxgv2faa
-
MD5
f3f1f3f0cdf8808eafed30ec9c02affb
-
SHA1
18af6e012fd8f8e71dba08f9800e04d03905ddd2
-
SHA256
61b13ba149c9d9968c71277bb6f904837c1b3b498c7fd584675b461e79947ab6
-
SHA512
78635bd6f5b84133aacb87cb0430800d533779eb20295d6d20b214ba5348691560efd46a964c7fa2d8903eccc98745bcd31385cc73ea2e507e0417680d2fe358
Static task
static1
Behavioral task
behavioral1
Sample
61b13ba149c9d9968c71277bb6f904837c1b3b498c7fd584675b461e79947ab6.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
61b13ba149c9d9968c71277bb6f904837c1b3b498c7fd584675b461e79947ab6.exe
Resource
win10v20210410
Malware Config
Targets
-
-
Target
61b13ba149c9d9968c71277bb6f904837c1b3b498c7fd584675b461e79947ab6
-
Score
10/10
-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-