General
- Target: mysetup.exe
- Size: 115.3MB
- Sample: 220519-cslgdacfhk
- MD5: 1c32da9a18b51af4ac59579322a8c5c7
- SHA1: f09d16ee1822139e4bad3958bd46537c16552c30
- SHA256: a6dc6c9350b5c01ab00c4241cf233f9d69910f1c431fb25e1fda63e463c64642
- SHA512: 62699c67e96808655cb3b20350e9b44fc8cb132c1153a3228a2a90c8be5dde445dc5113d7d765fda31e44c425d615b1622d497e1d54cb5890d7c402282081c57

Static task
- static1

Behavioral task
- behavioral1: Sample mysetup.exe, Resource win7-20220414-en
- behavioral2: Sample mysetup.exe, Resource win10-20220414-en
- behavioral3: Sample mysetup.exe, Resource win10v2004-20220414-en

Malware Config

Targets
- Target: mysetup.exe
- Size: 115.3MB
- MD5: 1c32da9a18b51af4ac59579322a8c5c7
- SHA1: f09d16ee1822139e4bad3958bd46537c16552c30
- SHA256: a6dc6c9350b5c01ab00c4241cf233f9d69910f1c431fb25e1fda63e463c64642
- SHA512: 62699c67e96808655cb3b20350e9b44fc8cb132c1153a3228a2a90c8be5dde445dc5113d7d765fda31e44c425d615b1622d497e1d54cb5890d7c402282081c57

- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger