General
-
Target
2691ac49a444378f3c668c7eaaf0e0e0abf95c5c3053a516b3f9a78c9a8885ba.zip
-
Size
6.1MB
-
Sample
220518-a971labcf9
-
MD5
1f3c765913617a01d4954e13142589e8
-
SHA1
28269a052b131d1455c2e194037be1fd3b29b91a
-
SHA256
2917d37a1531a370ed83705fac885ab8aa568886a326cf6233073436bdd2585e
-
SHA512
5f0db96856854ea4ba62596f1114ec3958f259c669915f32fb4411f7959ccf4436760d7d63ca25f0f50dee0463cf13740bf7df0d4ce9414eedfdf24c02181d74
Static task
static1
Behavioral task
behavioral1
Sample
2691ac49a444378f3c668c7eaaf0e0e0abf95c5c3053a516b3f9a78c9a8885ba.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://supportnimbuzz.hexat.com/3/Att.jpg
Targets
-
Target
2691ac49a444378f3c668c7eaaf0e0e0abf95c5c3053a516b3f9a78c9a8885ba.exe
-
Size
6.1MB
-
MD5
5f9e61796a21e65f9a03f92ee6a8f6d8
-
SHA1
d6032fd04db0fbb6195b6e8d31491a3fc289f1ce
-
SHA256
2691ac49a444378f3c668c7eaaf0e0e0abf95c5c3053a516b3f9a78c9a8885ba
-
SHA512
402ed4a2a376621e2674f1539c9ec6ac85b9118cb2133054ea2d960e98bf06efdd12b50f135841872450d3e07c231d2b6d8cab91315f05771226ec2546596eeb
Score
10/10
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-