General
- Target: 896428754ec1b841b1e711be9298b67433e512f6f89ff76ecdfff79364394e60
- Size: 502KB
- Sample: 220707-amcaeachh7
- MD5: 218919110813ca9a69f0e079de98c663
- SHA1: e07786ff33962d02e1572bba32a7bb97f7eae395
- SHA256: 896428754ec1b841b1e711be9298b67433e512f6f89ff76ecdfff79364394e60
- SHA512: 46659d206f25b614ddd986f6f6b8a8adb191c20d07e855f6bb856932b494a71693ef6a9d09c0ba7bae524365715a207d031b743fd19f8efc74e5cac46d509c26
Static task: static1
Behavioral task: behavioral1
- Sample: 896428754ec1b841b1e711be9298b67433e512f6f89ff76ecdfff79364394e60.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 896428754ec1b841b1e711be9298b67433e512f6f89ff76ecdfff79364394e60.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: 896428754ec1b841b1e711be9298b67433e512f6f89ff76ecdfff79364394e60
Score: 10/10
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext