General
- Target: 067737a46b528dc22156ee3d7ca42fc2e7aa14bd64654fb6095707ed81ab7f19
- Size: 17.4MB
- Sample: 220213-kbaybahgej
- MD5: d535f841b8869ce8b5d6b951c19c716e
- SHA1: 65acd0863d65efcd81719bbdc99d1058cac3036f
- SHA256: 067737a46b528dc22156ee3d7ca42fc2e7aa14bd64654fb6095707ed81ab7f19
- SHA512: 5cb3d56f6f594727a01391dd3c1647f5aab1b366c2d2efe477bbbf194b158451968b74427ad7668cdaf501fea34c4bdf61fe46f20049feef5a9f6945d0e850f0
Static task: static1
Behavioral task: behavioral1
Sample: 067737a46b528dc22156ee3d7ca42fc2e7aa14bd64654fb6095707ed81ab7f19.exe
Resource: win7-en-20211208
Malware Config
Targets
- Target: 067737a46b528dc22156ee3d7ca42fc2e7aa14bd64654fb6095707ed81ab7f19
- Size: 17.4MB
- MD5: d535f841b8869ce8b5d6b951c19c716e
- SHA1: 65acd0863d65efcd81719bbdc99d1058cac3036f
- SHA256: 067737a46b528dc22156ee3d7ca42fc2e7aa14bd64654fb6095707ed81ab7f19
- SHA512: 5cb3d56f6f594727a01391dd3c1647f5aab1b366c2d2efe477bbbf194b158451968b74427ad7668cdaf501fea34c4bdf61fe46f20049feef5a9f6945d0e850f0
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
- autoit_exe: AutoIT script compiled to a PE executable.