General
Target: f317a59ea553e2fbdeb151cf71b6baf33ab337f61abd2d14abfd06309dca1c4d
Size: 541KB
Sample: 220520-3tzy9shee4
MD5: d4c4ba434338058c59a3086acdb2539e
SHA1: 04eef30c111240b5bb1c035e022b60fc31000207
SHA256: f317a59ea553e2fbdeb151cf71b6baf33ab337f61abd2d14abfd06309dca1c4d
SHA512: 8800cfa243aa1ec5933680189266ddad4ec6b05f9571f9b150a23ad3bc10e51852b4a0574eb8303724a5caff61aeabb73ad836a299e6b37b8613b98d6b739fa2
Static task: static1
Behavioral task: behavioral1
Sample: f317a59ea553e2fbdeb151cf71b6baf33ab337f61abd2d14abfd06309dca1c4d.exe
Resource: win7-20220414-en
Malware Config
Targets
Modifies WinLogon for persistence
Modifies firewall policy service
Modifies security service
Disables Task Manager via registry modification
Executes dropped EXE
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application