General
Target: u3bgJ5M1g6GCfYr.exe
Size: 37.6MB
Sample: 211106-srlczsefb5
MD5: 0e4e2229de6909410804f542309c07cc
SHA1: cecc3055e14565a6e45a31443097d4d298b367b6
SHA256: 768d3452d921ae6408f0ef090c834ad6ad7ae2f8181c20bd3b0da920d2261322
SHA512: afbb87590984d95fd93769ff6d68afb99ce917934d559df645c89dbb585428bd7a8effb029be1efd35fcb0395c8e05b49f908076e617d790a7c4f9ccb42e13b2

Static task: static1

Behavioral task: behavioral1
Sample: 65E82428E803B963CF4A5088DBE621336D95AC4709460B08729AFD598FC60151.exe
Resource: win7-en-20211104

Behavioral task: behavioral2
Sample: 65E82428E803B963CF4A5088DBE621336D95AC4709460B08729AFD598FC60151.exe
Resource: win10-en-20211014

Malware Config

Targets
Target: 65E82428E803B963CF4A5088DBE621336D95AC4709460B08729AFD598FC60151
Size: 37.8MB
MD5: 91e3098e760c1bf3103d7e8bbb1dd68d
SHA1: e8e53db8efd488a4fb062c208851f60f0373a12f
SHA256: 65e82428e803b963cf4a5088dbe621336d95ac4709460b08729afd598fc60151
SHA512: d3513049d9a3feafe7ab33695998227a85bcccc255bd488e927ff5ecb541d001568174c43b36a5764c598bf7ba974f12680c94480242a761161832e9ead53822
Score: 10/10

- Modifies system executable filetype association
- Registers COM server for autorun
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger