General
-
Target
c71d85fa9976fc49b3bd3eceb8aeaade3167a9a61a12cd0efee58218189e4843
-
Size
283KB
-
Sample
210513-nddj33m8tx
-
MD5
3e2ce7ab165ab57cf04cfe8ae1583813
-
SHA1
1b43d9fb051b69ea883590f554b7d11495459977
-
SHA256
c71d85fa9976fc49b3bd3eceb8aeaade3167a9a61a12cd0efee58218189e4843
-
SHA512
88c7c570a5969e3f6d938e9b66286b81774de42aea8ae593f5d39874536049cd6d7d1fa19439348ae53f3a4a733b6653c6846de3dc0d92996b199d538bd198c9
Static task
static1
Behavioral task
behavioral1
Sample
c71d85fa9976fc49b3bd3eceb8aeaade3167a9a61a12cd0efee58218189e4843.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
c71d85fa9976fc49b3bd3eceb8aeaade3167a9a61a12cd0efee58218189e4843.exe
Resource
win10v20210408
Malware Config
Targets
-
-
Target
c71d85fa9976fc49b3bd3eceb8aeaade3167a9a61a12cd0efee58218189e4843
-
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-