General
-
Target
6f12bec8db3eafacfbdb137ad105da540dc3f33d82e58db54f0b87623d0935d4
-
Size
475KB
-
Sample
220521-m443zadae3
-
MD5
3fe593734899896c94cf67b46e032726
-
SHA1
858329090fdcd77b0b3091d8f5fbde54ceece506
-
SHA256
6f12bec8db3eafacfbdb137ad105da540dc3f33d82e58db54f0b87623d0935d4
-
SHA512
cf6ae74e8a8bdf71afa0901dbc556b51d0f40fe2960af8f78f73fe02bc756267cf061b29724c6359323f7e9449e8432f26a1a0a0c120c30964a6058feb779102
Static task
static1
Behavioral task
behavioral1
Sample
POL.exe
Resource
win7-20220414-en
Malware Config
Targets
Target
POL.exe
-
Size
873KB
-
MD5
68a170452e42bcc18b6e91812a08cfc9
-
SHA1
7b710b3d50f45e1f522341713fa24170454d9f48
-
SHA256
fe966a744b83daaecb2b4b01adc7204e42d3f98955e142e78d7a948709185d27
-
SHA512
280a492aa64912b9329902c22ec4535375673860519db8c65fae2c1fc6e49fed3005d3a20ed01d5e5661c71a32be5de610d97711e8649dd3b3ef1937e2b17b99
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-