General
Target: d3646755d0b0d8789cd5dc6285fe8bf77696c1330f58b7c27d6fc97b0b6bf4bd
Size: 10.1MB
Sample: 220521-m3lj8sgaen
MD5: 0853a6271139698af5c151ae21ae25c7
SHA1: 38be19e9cfdb273f24ad89df4a9fbf2305e7b86e
SHA256: d3646755d0b0d8789cd5dc6285fe8bf77696c1330f58b7c27d6fc97b0b6bf4bd
SHA512: bdf7de79e3fdda70d8e03b5dfa7d739c127f08b46f509ad6df86c89baa2e4484d1365e897da03003c313d2ecf1a29beec324dd54ef3e2b7ea892eaa25b1d93fa

Static task: static1

Behavioral task: behavioral1
Sample: d3646755d0b0d8789cd5dc6285fe8bf77696c1330f58b7c27d6fc97b0b6bf4bd.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: d3646755d0b0d8789cd5dc6285fe8bf77696c1330f58b7c27d6fc97b0b6bf4bd.exe
Resource: win10v2004-20220414-en

Malware Config
Targets
Target: d3646755d0b0d8789cd5dc6285fe8bf77696c1330f58b7c27d6fc97b0b6bf4bd
Score: 10/10
Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application