General
Target: f175a4c17101843376c31e055083314a20b21f28c9a451aa159818463abd212b
Size: 427KB
Sample: 220725-r3k1xsafd3
MD5: 55df99a116a1369f7ad5748a8c82c6ae
SHA1: c557457c271b7047df114672390c3ad4f0393b3a
SHA256: f175a4c17101843376c31e055083314a20b21f28c9a451aa159818463abd212b
SHA512: 260a2728e38daff602cca99116ecdf2175210320b443895917de59d79885d49b96108f250871969e846881a42e7e2217b90e1d3e2486a14f1e2faae5f5b9d7cc
Static task: static1
Behavioral task: behavioral1
  Sample: f175a4c17101843376c31e055083314a20b21f28c9a451aa159818463abd212b.exe
  Resource: win7-20220715-en
Behavioral task: behavioral2
  Sample: f175a4c17101843376c31e055083314a20b21f28c9a451aa159818463abd212b.exe
  Resource: win10v2004-20220721-en
Malware Config
Targets
Target: f175a4c17101843376c31e055083314a20b21f28c9a451aa159818463abd212b
Size: 427KB
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext