General
-
Target
f631a26995eb4db06e561658b38a52751d32ff99ee1a19a9a79a3d6d1375c39f
-
Size
350KB
-
Sample
220521-nzrshshedp
-
MD5
7c42f57b99eaf669a6892a801612e547
-
SHA1
6671cc04b90e78daef793c781bc96cac3d7b003f
-
SHA256
f631a26995eb4db06e561658b38a52751d32ff99ee1a19a9a79a3d6d1375c39f
-
SHA512
d733fc681eca1cc1b003e70a1d9192eeeb36571210b95b2d80e5eccf47cb6526bf20ae0672373cb46a71c8ab67d2e3a2b1fb51a633b6ca969d61cb45ca2285ec
Static task
static1
Behavioral task
behavioral1
Sample
0987 Salt Makina Teknik..exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0987 Salt Makina Teknik..exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Target
0987 Salt Makina Teknik..exe
-
Size
757KB
-
MD5
d150fab1d3923ca48b2d3730ee447279
-
SHA1
1b6843bfb8f924cf356e6e149ab5d74d75125ae1
-
SHA256
35a94d699b3b76654146147d5049a618067f3c2081f0b90d28f2b0cb4baf9df1
-
SHA512
1d55e07820a95412a8fd6c0859b6eddd306df4e9e9ecdc3fc44669a575a6a6b6c600589e884b721ce3c56913675b3ffd55eaca5935e5a807538b61034094ce76
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-