General
- Target: 4e8db4e7dc172ea11e14197997fc97097e900e735f48bac677145ddac68874e1
- Size: 647KB
- Sample: 210515-e84363d5tx
- MD5: 0af7431fb4d012d8a2005ad832e9eba7
- SHA1: 5e45bac59d748554dd91ae85d67541eee346671b
- SHA256: 4e8db4e7dc172ea11e14197997fc97097e900e735f48bac677145ddac68874e1
- SHA512: bf3b0dcb8c70191b1eaa4d467787c1e594191528fff7c91e41ad67496700c0e4fe663d0cb4653011c708d062fc920d020408f617e29b5c793b160f03099ae433
- Static task: static1
- Behavioral task: behavioral1
- Sample: 4e8db4e7dc172ea11e14197997fc97097e900e735f48bac677145ddac68874e1.exe
- Resource: win7v20210408
Malware Config
Targets
- Modifies WinLogon for persistence
- Modifies security service
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext