General
-
Target
44c06ff9482b8356d33690f94f56cf6ea29e2ff0f167c11a49594d542412f16b
-
Size
1008KB
-
Sample
220630-xl1myaghaj
-
MD5
e545f0dcbd848ce0e1594b9efe51b572
-
SHA1
7518a03d5a85c4a919dfb89a85af5f9e5fdf7713
-
SHA256
44c06ff9482b8356d33690f94f56cf6ea29e2ff0f167c11a49594d542412f16b
-
SHA512
8cd58be448e211723a13027ff6fea7a1b28cc7b603627c973022277c36642639aaf3e8b0d865a292b09b6c071375d580e94ccaa29b8f545aca22e0a3568ee333
Static task
static1
Behavioral task
behavioral1
Sample
44c06ff9482b8356d33690f94f56cf6ea29e2ff0f167c11a49594d542412f16b.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-