General
-
Target
download.dat
-
Size
430KB
-
Sample
220906-r8l56sbham
-
MD5
179dd039b8dab994f76fbcff7097fd14
-
SHA1
6abce14c18dead770e8e2d52b3120ec79abc2051
-
SHA256
f1afdabadabfa8a959435d4e79e3990b82b58474844474eae9151251101ab525
-
SHA512
f3611f1fe05bafc5703903b36fe55a321014df55af619ac61ac7fadaf2dd66c2006ac08bedce0440fb03fa77a6e68338d8092fc29208fdab9327905e1274ca86
-
SSDEEP
12288:/pphUHNwjG0P28Z1pNSZ3+ktXjz5WdCB5GpX:RphsfInp8l+ktXn5WgB5GJ
Static task
static1
Behavioral task
behavioral1
Sample
download.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
download.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
download.dat
-
Size
430KB
-
MD5
179dd039b8dab994f76fbcff7097fd14
-
SHA1
6abce14c18dead770e8e2d52b3120ec79abc2051
-
SHA256
f1afdabadabfa8a959435d4e79e3990b82b58474844474eae9151251101ab525
-
SHA512
f3611f1fe05bafc5703903b36fe55a321014df55af619ac61ac7fadaf2dd66c2006ac08bedce0440fb03fa77a6e68338d8092fc29208fdab9327905e1274ca86
-
SSDEEP
12288:/pphUHNwjG0P28Z1pNSZ3+ktXjz5WdCB5GpX:RphsfInp8l+ktXn5WgB5GJ
Score8/10-
Modifies Windows Firewall
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-