General
-
Target
File.exe
-
Size
4.0MB
-
Sample
220505-bacwvaegh8
-
MD5
f74ccaec9935cca19122478058c39f79
-
SHA1
5dbffbe85764d0bd43a90a1ef8eb8d8c5a540527
-
SHA256
8d2d9d8d937c880d75eb1e4a930f273a0b215ba1b15c07c10a7d902f23b0b08a
-
SHA512
2cb3379d4c37b2d74f3ae51a0cc0551eb146e5ff6822b0b76e15c63d9f6bd116ed569a5a72cd8be2c37695bfa5cb9ebdd08e27803a9d19cadcc6315b2ebde6ef
Static task
static1
Behavioral task
behavioral1
Sample
File.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
File.exe
-
Size
4.0MB
-
MD5
f74ccaec9935cca19122478058c39f79
-
SHA1
5dbffbe85764d0bd43a90a1ef8eb8d8c5a540527
-
SHA256
8d2d9d8d937c880d75eb1e4a930f273a0b215ba1b15c07c10a7d902f23b0b08a
-
SHA512
2cb3379d4c37b2d74f3ae51a0cc0551eb146e5ff6822b0b76e15c63d9f6bd116ed569a5a72cd8be2c37695bfa5cb9ebdd08e27803a9d19cadcc6315b2ebde6ef
-
Modifies security service
-
Executes dropped EXE
-
Possible privilege escalation attempt
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies file permissions
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-