General
Target: c93ffa5d3a9914e0dc9c50212983197285e0123108d42a747d82b52384c70a19
Size: 4.5MB
Sample: 220508-tb58wsbce2
MD5: 5aef5a0d347b8c5d6b5d452cb854b250
SHA1: e34bce7e0274a114fe8d047899d4cc8a76e7d309
SHA256: c93ffa5d3a9914e0dc9c50212983197285e0123108d42a747d82b52384c70a19
SHA512: 88cc999f99c4265209e4a250ef24d8d8c786acd65282b952dbe989e9c76d0ff4feadf62220e58f1656ded97590672d16eeb7fbfb824f22015805385fbcc6a725
Static task: static1
Behavioral task: behavioral1
Sample: c93ffa5d3a9914e0dc9c50212983197285e0123108d42a747d82b52384c70a19.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: c93ffa5d3a9914e0dc9c50212983197285e0123108d42a747d82b52384c70a19.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: c93ffa5d3a9914e0dc9c50212983197285e0123108d42a747d82b52384c70a19
Score: 10/10
- LoaderBot executable
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger