General
Target: 5ef82b40d2f8ba80a91f4c518a457ad003cf4c44343696f4af2396626b8fcaac
Size: 140KB
Sample: 220625-es18yafhf7
MD5: 8f3b91fab3b43f4ab87c0b0a313a21c5
SHA1: 4a7108276f093be0336f7f457f5973b86a0ad587
SHA256: 5ef82b40d2f8ba80a91f4c518a457ad003cf4c44343696f4af2396626b8fcaac
SHA512: 15c369e28128f796de46d7efa88c50ff32ebc58beaa3c62d935c9f2f690ffbcf17381d894c95653947c895a54bc849c995d282e1ed32d4a703c3d9333041337f
Static task: static1
Behavioral task: behavioral1
Sample: 5ef82b40d2f8ba80a91f4c518a457ad003cf4c44343696f4af2396626b8fcaac.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 5ef82b40d2f8ba80a91f4c518a457ad003cf4c44343696f4af2396626b8fcaac.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Score: 9/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext