General
Target: 6fda453aaf860ae8d48167f722685abfe2dbf70ba3145381757f921caf8673ba
Size: 2.2MB
Sample: 220309-sp2beshgg8
MD5: f8c8ebd884d22e0866c217d24c16042f
SHA1: 0b9a6f2e1d735dae6f979c4bb357b565614b721d
SHA256: 6fda453aaf860ae8d48167f722685abfe2dbf70ba3145381757f921caf8673ba
SHA512: 3114b0e3984f6d566378a7dcda39ab6f48da57b71462f283e28d94e980b85d93f5a4e84ab74e3a83e90f8f148a768684fd45585fd7844207f448baeb93bc4787
Static task: static1
Behavioral task: behavioral1
Sample: 6fda453aaf860ae8d48167f722685abfe2dbf70ba3145381757f921caf8673ba.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 6fda453aaf860ae8d48167f722685abfe2dbf70ba3145381757f921caf8673ba.exe
Resource: win10v2004-en-20220112
Malware Config
Targets
Target: 6fda453aaf860ae8d48167f722685abfe2dbf70ba3145381757f921caf8673ba
Score: 9/10
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Possible privilege escalation attempt
- Sets DLL path for service in the registry
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory