General
Target: Soft-Loader.exe
Size: 12.5MB
Sample: 220905-adg5asfhbk
MD5: 0254f8f9a2ccb5d8c75de45a1cf70bfd
SHA1: 46561b15cae9a08eff759e1b8ec11e2cedcaeb39
SHA256: 81f0a119bbfb26b2deeb868ad94926c4cc31366e9dc2498831794b645ebd5d74
SHA512: 950a1a47625bd19986c04cdc50d5744c98613ff3ad5e42eba985ec447daeee4a6602f64081261c0a1bc56be89ea81f1e3c95ed0714810fcc2e1a7b034a6be8d3
SSDEEP: 393216:evlI9Rr8C4M8gYeCe3hdKUo75JamYF5t:ee9t8C4MbeenQ/RYF
Static task: static1
Behavioral task: behavioral1
Sample: Soft-Loader.exe
Resource: win7-20220812-en
Malware Config
Targets
- Modifies security service
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger