General
- Target: 523fc53a3afa854ca34abb66f224281f57467bee9cc0eb10beea5fd14ebf60a9
- Size: 1.7MB
- Sample: 220717-d6b1jaeda4
- MD5: f2d7e52b6f02da7e308e27681ba27b39
- SHA1: b96aba9b3e867c22e29c72e083b14f1865a1c7ff
- SHA256: 523fc53a3afa854ca34abb66f224281f57467bee9cc0eb10beea5fd14ebf60a9
- SHA512: e8e015025b0574e78900c10eaac7d869fec223164181392b2d0683ae87d7a61d645bfed9a1439a586cacc70bb633f5a6d10b7e39b4c5801705bff580412c9623
Static task
- static1
Behavioral task
- behavioral1
- Sample: 523fc53a3afa854ca34abb66f224281f57467bee9cc0eb10beea5fd14ebf60a9.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Modifies WinLogon for persistence
- Modifies firewall policy service
- XMRig Miner payload
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext