General
-
Target
b61182634b32940e012d1551df9983cf12b53816c89ccfe8c68b185767362a20
-
Size
251KB
-
Sample
210831-py4hndx7ja
-
MD5
13f25517b98fdc189bf40e62782c677a
-
SHA1
9ad5a3a60cbd712a904f925e789bcbe61cb22ba8
-
SHA256
b61182634b32940e012d1551df9983cf12b53816c89ccfe8c68b185767362a20
-
SHA512
bb136fc1d84e5dcce27477e3ad9633a24cb4a523618cdea314c759ad7528d20bbb5a9f7f9fadec139a131f8208b6cdc569e4cbeb6e3f45664e34d00eec66dcc0
Static task
static1
Behavioral task
behavioral1
Sample
b61182634b32940e012d1551df9983cf12b53816c89ccfe8c68b185767362a20.exe
Resource
win7v20210408
Malware Config
Targets
-
-
Target
b61182634b32940e012d1551df9983cf12b53816c89ccfe8c68b185767362a20
-
Modifies WinLogon for persistence
-
Modifies security service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-