General
Target: 8F725C902BF561F62CC1A3331460AA5FA6AB08E9E54FD.exe
Size: 13.2MB
Sample: 220826-hmg5nahgc7
MD5: 44ced2e7e68074eeab69c861726736b3
SHA1: 4f1510ba12e1d90b11169326a3d8ee847383c329
SHA256: 8f725c902bf561f62cc1a3331460aa5fa6ab08e9e54fdebf6ebcd476a2ab8982
SHA512: c5c8331a7280949f4b8e109e5cb2de30e71da413e741949adf501db4ddf75fe9a977158a6a57823d3c714065583c86e0506e514cdee833c202393ff6024e148d
SSDEEP: 393216:hG1uv/z3OcitnplQ8p2DG82n/YcV2JZAeV3I9HI:4Ivn0plQ8pbUZA83C
Static task: static1
Behavioral task: behavioral1 (Sample: 8F725C902BF561F62CC1A3331460AA5FA6AB08E9E54FD.exe; Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: 8F725C902BF561F62CC1A3331460AA5FA6AB08E9E54FD.exe; Resource: win10v2004-20220812-en)
Malware Config
Extracted: https://thearakanpost.com/forms/scv.flv
Extracted: https://thearakanpost.com/img/min.exe
Targets
Target: 8F725C902BF561F62CC1A3331460AA5FA6AB08E9E54FD.exe (size and hashes as listed under General)
Score: 10/10
Signatures
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext (a primitive commonly used for thread hijacking and process hollowing)
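The signatures above describe what the sandbox saw; the same behaviours can be hunted for on endpoints from process, file, registry and network telemetry. The script below is an added example (not the sandbox's code and not derived from the sample itself): it replays constructed Sysmon-style JSON events through a small stateful detector that ties "dropped" files to their later execution or loading, and matches the report's Run-key, Startup-folder, System32-drop and network behaviours. Only the SHA256 and the two extracted URLs come from the report; the event field names, the parent-process and blocklist policy, the process names and every path in the telemetry are assumptions. The geofence registry read and the SetThreadContext call are not visible in standard Sysmon events and are deliberately left out.

```python
"""Hunt for the behaviours and indicators in the report above (added example,
not the sandbox's code): constructed Sysmon-style JSON events with assumed field
names and paths; only the hash and URLs come from the report."""
import json
from urllib.parse import urlsplit

SAMPLE_SHA256 = "8f725c902bf561f62cc1a3331460aa5fa6ab08e9e54fdebf6ebcd476a2ab8982"
PAYLOAD_URLS = ("https://thearakanpost.com/forms/scv.flv", "https://thearakanpost.com/img/min.exe")
PAYLOAD_HOSTS = {urlsplit(u).hostname for u in PAYLOAD_URLS}

# Environment policy (assumptions, tune per estate): parents that should not launch
# arbitrary executables, and binaries blocklisted from making outbound connections.
UNEXPECTED_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
BLOCKLISTED_NET = {"powershell.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"
STARTUP_DIR = "\\start menu\\programs\\startup\\"
SYSTEM32_DIR = "c:\\windows\\system32\\"


def norm(path):
    # Case-fold and unify separators so file and registry paths compare reliably.
    return path.replace("/", "\\").lower()


def basename(path):
    return norm(path).rsplit("\\", 1)[-1]


class Detector:
    """Stateful: remembers every created file so a later execution or load of that path counts as 'dropped'."""

    def __init__(self):
        self.dropped = set()

    def classify(self, ev):
        hits, kind = [], ev["event"]
        if kind == "file_create":
            target = norm(ev["target"])
            self.dropped.add(target)
            if STARTUP_DIR in target:
                hits.append("Drops startup file")
            if target.startswith(SYSTEM32_DIR):
                hits.append("Drops file in System32 directory")
        elif kind == "process_create":
            if ev.get("sha256", "").lower() == SAMPLE_SHA256:
                hits.append("Known sample executed")
            if norm(ev["image"]) in self.dropped:
                hits.append("Executes dropped EXE")
            if basename(ev["parent"]) in UNEXPECTED_PARENTS:
                hits.append("Process spawned unexpected child process")
        elif kind == "image_load":
            if norm(ev["loaded"]) in self.dropped:
                hits.append("Loads dropped DLL")
        elif kind == "registry_set":
            if RUN_KEY in norm(ev["key"]):
                hits.append("Adds Run key to start application")
        elif kind == "network_connect":
            if ev.get("host", "").lower() in PAYLOAD_HOSTS:
                hits.append("Contacts payload host from report")
            if basename(ev["image"]) in BLOCKLISTED_NET:
                hits.append("Blocklisted process makes network request")
        return hits


def hunt(lines):
    """Return (event index, process basename, matched signatures) for every event that fires."""
    det, findings = Detector(), []
    for i, line in enumerate(lines):
        ev = json.loads(line)
        hits = det.classify(ev)
        if hits:
            findings.append((i, basename(ev.get("image", "")), hits))
    return findings


SAMPLE = r"C:\Users\u\Downloads\8F725C902BF561F62CC1A3331460AA5FA6AB08E9E54FD.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
DROPPED_EXE = r"C:\Windows\System32\min.exe"
DROPPED_DLL = r"C:\Users\u\AppData\Local\Temp\scv.dll"
# Constructed telemetry, not a real capture; process names and paths are assumptions.
SAMPLE_EVENTS = [json.dumps(e) for e in (
    {"event": "process_create", "image": SAMPLE, "parent": WORD, "sha256": SAMPLE_SHA256.upper()},
    {"event": "file_create", "image": SAMPLE, "target": DROPPED_EXE},
    {"event": "network_connect", "image": SAMPLE, "host": "thearakanpost.com"},
    {"event": "file_create", "image": SAMPLE, "target": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scv.lnk"},
    {"event": "registry_set", "image": SAMPLE, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"event": "process_create", "image": DROPPED_EXE, "parent": SAMPLE, "sha256": "00" * 32},
    {"event": "file_create", "image": DROPPED_EXE, "target": DROPPED_DLL},
    {"event": "image_load", "image": DROPPED_EXE, "loaded": DROPPED_DLL},
    {"event": "network_connect", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "host": "thearakanpost.com"},
    {"event": "process_create", "image": r"C:\Windows\explorer.exe", "parent": r"C:\Windows\System32\userinit.exe", "sha256": "11" * 32},
)]

if __name__ == "__main__":
    for idx, proc, sigs in hunt(SAMPLE_EVENTS):
        print(f"event {idx:2d} {proc:<20} {'; '.join(sigs)}")
```

The detector is order-sensitive on purpose: a file must be seen being created before its execution or load is reported as "dropped", which is exactly the relationship the sandbox's "Executes dropped EXE" and "Loads dropped DLL" signatures express. To apply it to real data, feed it one JSON event per line in event order and replace the parent and blocklist sets with the policy for your own estate.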