General
-
Target
6907f16f7d1e603081bd0252d87947ad80af921222626c521b9b0f2202ebd754
-
Size
724KB
-
Sample
220725-dtalyacffq
-
MD5
61234732aaee3b52d2a921c61f4a5ca0
-
SHA1
af3b4b38706e62632d33ed46c14db107b2e86087
-
SHA256
6907f16f7d1e603081bd0252d87947ad80af921222626c521b9b0f2202ebd754
-
SHA512
c5db3da3a615f95caed497d86d2582145f1b31e9effd2c16976a55adb12f9f74acd78a728f9f8fda791199f6675dc6b6f388e7465d3d1f89f45dac674d2ab6c5
Static task
static1
Behavioral task
behavioral1
Sample
6907f16f7d1e603081bd0252d87947ad80af921222626c521b9b0f2202ebd754.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
6907f16f7d1e603081bd0252d87947ad80af921222626c521b9b0f2202ebd754.exe
Resource
win10v2004-20220721-en
Malware Config
Targets
-
-
Target
6907f16f7d1e603081bd0252d87947ad80af921222626c521b9b0f2202ebd754
Score
10/10
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-