General
- Target: c500fecde8b41e100ed5bcfdaf6b6047e4e1958e69c693869772147316bea289
- Size: 7.2MB
- Sample: 220725-h8y1asbbgk
- MD5: ba37036e2cdabffac8104c8bb68a697c
- SHA1: 9e90bc0443ef5a309717fdf3ffb73b732f59bd9b
- SHA256: c500fecde8b41e100ed5bcfdaf6b6047e4e1958e69c693869772147316bea289
- SHA512: 4ea81b2afce1f841d4c391027a2a56de18dd40705a52a3c0cd75099017254aeb300391f5f2d57f3f706ea73bebe8f8962b699b17894f9b53d0fa725e65c2567f
Static task: static1
Behavioral task: behavioral1
- Sample: c500fecde8b41e100ed5bcfdaf6b6047e4e1958e69c693869772147316bea289.exe
- Resource: win7-20220718-en
Malware Config
Targets
- Target: c500fecde8b41e100ed5bcfdaf6b6047e4e1958e69c693869772147316bea289 (size and hashes as listed under General)
- Modifies security service
- Suspicious use of NtCreateUserProcessOtherParentProcess
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of SetThreadContext