General
- Target: 5410c77ad0244714eda03ca8d338566d69149133a9f97bd86dc0c04479a4d2c7
- Size: 502KB
- Sample: 220707-alj9machg5
- MD5: 82d55cb13eaaa5e5b525de3d5be4457e
- SHA1: e5f5eaf91a350d343b3cc83124ac18d88a14e67c
- SHA256: 5410c77ad0244714eda03ca8d338566d69149133a9f97bd86dc0c04479a4d2c7
- SHA512: 6d83a12778a44599f2182b5723d58d3c08dbb435945ec27e97773841fd0633594fff37b0b6c5af268046a3b5966b9c5e4fa882699674c9136161fe57ed457b27

Static task
- static1

Behavioral task
- behavioral1
- Sample: 5410c77ad0244714eda03ca8d338566d69149133a9f97bd86dc0c04479a4d2c7.exe
- Resource: win7-20220414-en

Behavioral task
- behavioral2
- Sample: 5410c77ad0244714eda03ca8d338566d69149133a9f97bd86dc0c04479a4d2c7.exe
- Resource: win10v2004-20220414-en

Malware Config

Targets
- Target: 5410c77ad0244714eda03ca8d338566d69149133a9f97bd86dc0c04479a4d2c7
- Size: 502KB
- MD5: 82d55cb13eaaa5e5b525de3d5be4457e
- SHA1: e5f5eaf91a350d343b3cc83124ac18d88a14e67c
- SHA256: 5410c77ad0244714eda03ca8d338566d69149133a9f97bd86dc0c04479a4d2c7
- SHA512: 6d83a12778a44599f2182b5723d58d3c08dbb435945ec27e97773841fd0633594fff37b0b6c5af268046a3b5966b9c5e4fa882699674c9136161fe57ed457b27
- Score: 10/10
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext