General
Target: 198d51cd77f96832b3f6c733455ce8921e153fd31542e7a3e89a788ab792ede8
Size: 3.9MB
Sample: 210902-6nr3zm1qya
MD5: 1172133c5174fcc69b7376efe3cdf91d
SHA1: 7492a278541a7161eb4deb3829deb9bccffe91a7
SHA256: 198d51cd77f96832b3f6c733455ce8921e153fd31542e7a3e89a788ab792ede8
SHA512: 41315d272ac32c052944860ba97e966a8e0a7aad4e17a9c1ba6ae5e8ee2fc522c5f5187665541e1858be0c4bc8f71d9940c6623f190cc46e5445abb723ed3404
Static task: static1
Behavioral task: behavioral1
Sample: 198d51cd77f96832b3f6c733455ce8921e153fd31542e7a3e89a788ab792ede8.exe
Resource: win7-en
Behavioral task: behavioral2
Sample: 198d51cd77f96832b3f6c733455ce8921e153fd31542e7a3e89a788ab792ede8.exe
Resource: win10-en
Malware Config
Targets
Target: 198d51cd77f96832b3f6c733455ce8921e153fd31542e7a3e89a788ab792ede8
Size: 3.9MB
MD5: 1172133c5174fcc69b7376efe3cdf91d
SHA1: 7492a278541a7161eb4deb3829deb9bccffe91a7
SHA256: 198d51cd77f96832b3f6c733455ce8921e153fd31542e7a3e89a788ab792ede8
SHA512: 41315d272ac32c052944860ba97e966a8e0a7aad4e17a9c1ba6ae5e8ee2fc522c5f5187665541e1858be0c4bc8f71d9940c6623f190cc46e5445abb723ed3404
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of SetThreadContext
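The signatures above name four behaviours (Winlogon tampering, Run-key persistence, a registry country-code lookup, and SetThreadContext against another process) without showing what a detection has to look at. The script below is an added example, not part of this report and not the sandbox's own signature logic. It runs over a constructed, sandbox-style API trace (one `pid|api|arg|arg...` record per line, invented here for illustration and unrelated to the analysed sample) and maps the records back to the signature names. The registry locations it checks (the Winlogon `Userinit`/`Shell` values, the `CurrentVersion\Run` keys and `Control Panel\International\Geo\Nation`) are the author's assumptions about where these behaviours surface, since the report lists signature names only; the process-hollowing rule (suspended child, `WriteProcessMemory`, then `SetThreadContext`) is likewise the standard pattern rather than anything the report states.

```python
"""Map a sandbox-style registry/API trace onto the signature names in the report.

Added example; the trace format, the sample records and the registry paths
checked are assumptions made for illustration, not data from the analysed sample.
"""
import re

# Winlogon values executed at logon. Persistence usually appends a path to the
# legitimate value, so anything other than the stock value is reported.
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_DEFAULTS = {
    "userinit": r"c:\windows\system32\userinit.exe,",
    "shell": "explorer.exe",
}
# Per-user (HKCU / HKU\<SID>) and machine-wide Run / RunOnce keys.
RUN_KEY_RE = re.compile(
    r"^(HKLM|HKCU|HKU\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion"
    r"\\Run(Once)?\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)
# Assumption: the country-code lookup reads the GEOID stored under this key.
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)

# Constructed trace: pid|api|arg|arg... (not from the analysed sample).
TRACE = r"""
1234|RegSetValue|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit|C:\Windows\system32\userinit.exe,C:\Users\user\AppData\Roaming\svc.exe
1234|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater|C:\Users\user\AppData\Roaming\svc.exe
1234|RegQueryValue|HKCU\Control Panel\International\Geo\Nation|
1234|CreateProcess|C:\Windows\System32\svchost.exe|CREATE_SUSPENDED|5678
1234|WriteProcessMemory|5678|
1234|SetThreadContext|5678|
1234|ResumeThread|5678|
1234|RegSetValue|HKCU\Software\Example\Setting|1
"""


def parse_trace(text):
    """Split the pipe-delimited trace into (pid, api, [args]) tuples."""
    events = []
    for line in text.strip().splitlines():
        fields = line.split("|")
        events.append((int(fields[0]), fields[1], fields[2:]))
    return events


def split_value_path(path):
    """Separate 'HIVE\\key\\...\\ValueName' into (key, value name)."""
    key, _, name = path.rpartition("\\")
    return key, name


def triage(text):
    """Return the signature names triggered by the trace, in trace order."""
    findings = []
    suspended = set()  # child pids created with CREATE_SUSPENDED
    written = set()    # suspended children that then received WriteProcessMemory
    for pid, api, args in parse_trace(text):
        if api == "RegSetValue":
            path, data = args[0], args[1]
            key, name = split_value_path(path)
            if key.lower() == WINLOGON_KEY.lower() and name.lower() in WINLOGON_DEFAULTS:
                if data.strip().lower() != WINLOGON_DEFAULTS[name.lower()]:
                    findings.append(f"Modifies WinLogon for persistence: {name} = {data}")
            m = RUN_KEY_RE.match(path)
            if m:
                findings.append(f"Adds Run key to start application: {m['name']} = {data}")
        elif api == "RegQueryValue" and GEO_RE.search(args[0]):
            findings.append("Checks computer location settings: reads GEOID (possible geofence)")
        elif api == "CreateProcess" and "CREATE_SUSPENDED" in args[1]:
            suspended.add(int(args[2]))
        elif api == "WriteProcessMemory" and int(args[0]) in suspended:
            written.add(int(args[0]))
        elif api == "SetThreadContext" and int(args[0]) in written:
            findings.append(
                f"Suspicious use of SetThreadContext: hollowing pattern against pid {args[0]}"
            )
    return findings


if __name__ == "__main__":
    for finding in triage(TRACE):
        print(finding)
```

The Winlogon rule compares against the stock value rather than looking for a specific appended path, so it also catches a replaced `Shell`; the SetThreadContext rule only fires when the target was created suspended and written to first, which keeps ordinary debugger-style `SetThreadContext` calls out of the results.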