General
-
Target
TrashMalwares-main.zip
-
Size
313.6MB
-
Sample
220918-rjc6zafcdk
-
MD5
e2c31f35c8c773f1fdd162f8a457e3e5
-
SHA1
a5a6f69273c8945c084c9c147b6e83f96e90aa5c
-
SHA256
a9027c6070365053c3cb91261991c71f1d3a63707df8467e413847f344b3af4d
-
SHA512
bcfcb330c5e26c03f53dacf4bbd73a7406b2c4c85c0b5b537db29abd2d658b8e6effd1171350c138bbea82dbfde2249742e60de37bf9753fd31baa2962fc83b2
-
SSDEEP
6291456:pWjvY0cfPUY0cIQ07pJ2dXfYvSQr5JxriK9A5cFbMdHziD8hD7+:pWzY0c3UY0c5madgLZn9ecF4dHzq8hDC
Malware Config
Extracted
njrat
im523
HacKed
4.tcp.eu.ngrok.io:19354
a4a592a96ea7c45f9ee4a9c42a1e0f9d
-
reg_key
a4a592a96ea7c45f9ee4a9c42a1e0f9d
-
splitter
|'|'|
Extracted
asyncrat
0.5.7B
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
127.0.0.1:5552
127.0.0.1:19354
4.tcp.eu.ngrok.io:6606
4.tcp.eu.ngrok.io:7707
4.tcp.eu.ngrok.io:8808
4.tcp.eu.ngrok.io:5552
4.tcp.eu.ngrok.io:19354
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
true
-
install_file
lolo.exe
-
install_folder
%AppData%
Targets
-
-
Target
TrashMalwares-main/AcidRain.exe
-
Size
401KB
-
MD5
ca7d220a719d83aa0dd379dd2c31037a
-
SHA1
88518880ee68f2b108a99449da73ec92b5e3658a
-
SHA256
fa9189d2c7408a9f3bcb0af1be7f00ba71af5014a8bca0986eb11a891fa6c8b5
-
SHA512
eee05cd53f4f5edf6c6929a294284473c39b8193b211a3165333ed65c38ea4e9d5cc6a8e1a1ae2bb38652e83bc7d2ad20fa6d38f8cdbf3a94a7a10fb6358af78
-
SSDEEP
12288:aToPWBv/cpGrU3yy/paSymdM3Gi3AryjBi:aTbBv5rUVRdM2iwejBi
Score8/10-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
-
-
Target
TrashMalwares-main/Antivirus_Installer.exe
-
Size
89KB
-
MD5
70ec6f9bec87d67c435a2b8505a72629
-
SHA1
8dae4c1727c73b3c1135b633e4db69e60ed522f1
-
SHA256
1bfef2733f357e531be53b406b65661893b97a8b18a699b6e65f201dd0eeeae8
-
SHA512
4a164019ae25e21007f2678bdf0e002b2e1eee115ddc4e101a909712d2bbaff3987339b6059c9db69988918296692839c47c49da9ca9ff3310a9e0088ab7d56c
-
SSDEEP
1536:X7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfrwFOO:L7DhdC6kzWypvaQ0FxyNTBfrS
Score8/10-
Downloads MZ/PE file
-
Adds Run key to start application
-
-
-
Target
TrashMalwares-main/Dro trojan. Virus prank.exe
-
Size
1.8MB
-
MD5
af483a4c67d358dd807194ef89484f1e
-
SHA1
4aefb5884e289fb85af3f5a5bec344b738073603
-
SHA256
480ca2097e13abb1444b69b0d984961702f8ee8122fc0f0acc5bff217d253854
-
SHA512
e5739841097828a7789e7a3317a0efa1ce4c109490df1d1ce62e559fa555affc7aee69d389bb50d5dbb4bf5d1d87d94a22cf4a5b9a0e3d7da3b48813c1c75917
-
SSDEEP
49152:ysNjxEmz1dG6HOMlDTsBQL/difgzGSe5Wa6IQ:yYymicDT2C/EfyuUl
Score8/10-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
TrashMalwares-main/FaZoN.bat
-
Size
1KB
-
MD5
2a2c2cca38f2e34ee666d4534834dcbb
-
SHA1
8ffa496f4e56c6406f8f965059483125966c6fdd
-
SHA256
6397c16efa9b0ff4732002d37a948192b1df49c0c2c927806622fa59d3ac1b46
-
SHA512
e05a896d8bcad42c04b69c14be3b625d1f586049b2a5925d08bae47f47429b44669904e22daaf94c003bbd697957bddf6067e1aaccc9dd4cb7c607a1d78686d0
Score8/10-
Disables Task Manager via registry modification
-
Modifies Installed Components in the registry
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
-
-
Target
TrashMalwares-main/Fizz.exe
-
Size
92KB
-
MD5
9819bbffcb5a080decc8a82287c5b0e0
-
SHA1
14141500777c63f0578711c0027f28376217e504
-
SHA256
a1f6a55809b069d0c1895b2f6f5ef5a625cbb79a266b95f6c0fb6ac638ce33a8
-
SHA512
e495367e2be9049aa347fff94dd8f5046d9696e894434d081965ca9c6dc956977f63b11bed146ba3e43765b57dc2f820d25d2f4338f54f60885ea367d3bd9088
-
SSDEEP
1536:AHX12ic/eMRXdFsf3B3HR8STDBVog8S81/Lxbj3V7mTEyqp5aOsWPcdxhrHhNTeQ:AIi1mSfxtBVog8S81/+qp5cxh9NTe3
Score6/10-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
TrashMalwares-main/Ginxide.exe
-
Size
56KB
-
MD5
13811477a50b8732d73637be82c63990
-
SHA1
9f47b89ec3e902bf8f7a20565d37d04f3ad76ddb
-
SHA256
68bc599cb133596d945cb0df6031a91ccfedd4d81626b0f43cd778f392efdc17
-
SHA512
a79960c635da5c15a1cc5851f1b642f7fc893e2f4ceff2853ace3c8d03e6eb561c727e964d64d7c4410b461a8531995421fd893d8339b91260bdd2cf51854ce4
-
SSDEEP
768:nyth1HLvrFaYJBjKnKH5R/UtImG0YrpLHk8HoLMnEtk6IF4iLF/IAIb/BIc:nyt3swBjMy7Uim7YrdwInG2I
Score8/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
TrashMalwares-main/Install Windows20.exe
-
Size
24.4MB
-
MD5
8c7065d7b4ce7f50e145bd6082204b00
-
SHA1
40e4bea57fc03d3bed8b4614ec790242cc0650f5
-
SHA256
9b66b0914cad75dd3072726f0a7b3d21db55bd205f409a6ca46472cfe2a78eec
-
SHA512
560a438e307e217875a8a9227187e22027dc48c58b9fe1041361d6d8a5cb917728ae22655af084f9b38e45928a7ba1b15eab6e7c2d4d6862391e82eba00583f6
-
SSDEEP
786432:KJ4Hil5v88iWkupGx7xvkCBiWP9BKBB5zw8:K2CfiWRMaCBiW1+59
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
TrashMalwares-main/MS-RickRoll.exe
-
Size
19.6MB
-
MD5
f2ac7d7d538e97ffb162fe63ca395a05
-
SHA1
a283014d55873fba0f00fc4b030581254610639a
-
SHA256
ccbb3d3838216d5a5881fc256c10d5d560885cc18a14a76461c9fe872af3bf0f
-
SHA512
50784fb9705733e45541eeb9df83e73d8f530bffd87ad99ae37c23c8a9c216d583a193f58046ea49e5c727d5aa9154d583911706feda56531ea45f3438194e96
-
SSDEEP
393216:+rl0rPQCLXuOSk2+t7DPQCLXuOSk2+t7Vl01:w6dLrNJtvdLrNJtJ
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
TrashMalwares-main/MercuryXhoffle.exe
-
Size
6.0MB
-
MD5
f72d4ee1ff7439bda08ce89b606a6f08
-
SHA1
40673463d8fe4ac1b53c5e35642e6a67fe252c41
-
SHA256
15bd99bd0c7c8a7c5836e687db2d7eded6195491df7e5f04633e33e66ae8361c
-
SHA512
c8b3b3ee73de22492e1455bc68405924861ff2814ff2bcf627df04712f33d30d3e63a3835f8b6b41bd254269e22c4da6d655fb718d6b4e97c9a2706ff8040976
-
SSDEEP
98304:lgJZv2O7hzxNA5P7Mb5mXHMDU+WDwL0ubziP7Us8F2m5rylw/ViFkfGOzNL3kz3f:OJ92OH6Zwb58wU+WDFFu2XlwXGKNLEjr
Score8/10-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
TrashMalwares-main/NetPakoe.bat
-
Size
635B
-
MD5
6c5a9741a170d3ac2e2c89d3e91ea6ea
-
SHA1
7034266eefee8c6437d966f5d91ea82e50e10d59
-
SHA256
4d1a5d2255194f08a772aef2363514890ecd620dfc49e5b701fc8f2e2388e616
-
SHA512
9dcf12e971da1c78d92dd7ff824d50e8487ae61bfb9dcbfea6c38f8ebba22994fde19d825e44f4632aba9e0fc34d75cd87e090b75ed78b51b908128cc22ce29c
Score8/10-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
TrashMalwares-main/NetPakoe3.0.exe
-
Size
188KB
-
MD5
912c74cb1e5e132515956f5c8470114a
-
SHA1
71556617096cdb4b70b220568f1d3697362c14a5
-
SHA256
6376111c1c39414187abeae4c6a75ae58351b2202802afc9bde2be5ceae0f400
-
SHA512
c4a0a299d085a33e567ebcc6586c911a130425c805d71175362c09c46eb0739a040c787fa1d3f9e9f06aad14bac686adc10d1bae75602e96f1c7238f3d4e73d6
-
SSDEEP
3072:YhM2idhON/D8259BH1DzJ5PzVNtGgc+F9TBfV0gwzH:Yh3idhONY259BH1DzJ5PzVNtGgc+F9TA
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
-
-
Target
TrashMalwares-main/NoEscape8.0.exe
-
Size
15.0MB
-
MD5
1c18f75dafd667fb5559cf9b7cb5868e
-
SHA1
deab3392cf25ebc52f15ecdcf7e4187dcaec81f7
-
SHA256
bf3c03ff11e6610bbf806084ec2d58cd5aacb87e52cbf965a789fa74584de3a5
-
SHA512
c68c8ee27265c81e7bb6ead434436398d198b9c2ce83092a8deb8539045b10b47ed660e2451297edd7eeebedc5254000fd5ad481f4642f64f4d74d6a964d3015
-
SSDEEP
393216:ph/RLjBJPkh/6StJ+4qnWSz0hgSovW+PABRMW:phVcm9z06WEORX
Score8/10-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
TrashMalwares-main/PC shaking v4.0.exe
-
Size
21.7MB
-
MD5
d2eb6a0f3b1353b6f60c1ce3a63ef8d1
-
SHA1
a879af3e84106f4da79519ce08643eeb91f72a15
-
SHA256
b8d65832342d1fec828025eacbcc6e1df9c2f3276524a4abb1a965707fd475ee
-
SHA512
9473e711b785eba3e5cfcb36437069a96290864fe9562a5619d95f9fac9c0b46b0c3c942be8ff7fec4204a938392e8be471ea6ce683027cd29b181028b0e2481
-
SSDEEP
393216:MUbg/uqZ8EuLjIlYgJMFBoJPYG6O4BcwikWGmivl4yA1cmBBS:6G9LjHgUOJPEOyresC4
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Sets desktop wallpaper using registry
-
-
-
Target
TrashMalwares-main/Phsyletric.exe
-
Size
97KB
-
MD5
4db23cf50f64a83759db9df6ad222d65
-
SHA1
8ed2c2d8c8c0e5b953559adf6e8765f505cccdd2
-
SHA256
465f8bf12fe8fc53c9ef45e498b5f9d95b783c61096147bbc09182f6d19dd129
-
SHA512
615735ab5bbd78c1e72dc2c6b7066d0fe66894d29844e1557bf08af319c5c38c883ac8c5ecc248637d8d91b83aad731be5476a4826b5101a02810f27b2d89644
-
SSDEEP
3072:MbDwt25lOqFieKe/xzJdekGFq8YbFwIf6Psq1:MbDAEIq396Psq1
Score6/10-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
TrashMalwares-main/RealBSOD.exe
-
Size
277KB
-
MD5
1092ecd10230551ef8cc90c32f103921
-
SHA1
d9c539c583164c23d3f62b9c9e659bbde59dcbe7
-
SHA256
21e9c64b50918b43b657b4b11bd1d54d70c69723fca117a077ffb38ec4cd5fec
-
SHA512
4fb10500f88bee5b57c255f8e776cebb5dd99729e7a2df3978347fb24541770a2f2865c54d1cf9989caaf1cb54a43f84fb4f33aadcf5135c85380927648f2b6b
-
SSDEEP
384:iVk9Nwhkf6tx5rzVuNbhKxl3G2P6ffBjDSi8NrFFqq79l/916UcQ55Q9MCL66pnx:4hzQNbQG2PA0eACGwnatYcFtVc6K
Score10/10-
UAC bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
-
-
Target
TrashMalwares-main/Sankylium.exe
-
Size
1.3MB
-
MD5
04ba1b7ac7f516e37dbeb2d8391fd9b0
-
SHA1
541890ae3985e99e4e9748aa59411c287e5800d1
-
SHA256
d9df0994720c5d8fc92e7d0416984575aa30faf8c334463435a76af3ec7d0cec
-
SHA512
6266c2cf969a9b08303032cba6c54f3598648f0f3da17926f0367dcf0edaccc3ff25f936f495ad02f7c8b4dd524c4230d2a5aecfafc5077805ff22d8657e21ea
-
SSDEEP
24576:wmaUgySjNqBEmg4KDPowWMCRd53M9MNMVBvtEMFlMoYMMMsMMMLUMgMMMMM3wMMF:Oqqmg4kPowWMCRd53M9MNMVBvtEMFlMd
Score6/10-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
TrashMalwares-main/SuperWacker.exe
-
Size
335KB
-
MD5
57e07c87d9ad4831c2f54584b8805901
-
SHA1
e8701ced964d08f7d4be70814e457f292bf798ca
-
SHA256
38cd530d4c48b9e3e9ba7a43f5c34404ead13237f7db093142103a94b82ff5b0
-
SHA512
85632a293b5c05ebff197ca1667a50c3b0a4d35c0bbc469af82764447dbc73111395fa213a6903a5f1447fb809a2ae49584b2fe54549f6782a990638602aa5eb
-
SSDEEP
6144:6D4m3lEo62uPK9T9rak9gora16oTllf28gO:6DX3juZk9goratll7gO
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
TrashMalwares-main/TEMZ.exe
-
Size
145KB
-
MD5
e6168901057164d16298ef87a38efa66
-
SHA1
6299e0d6fdd292a49a881292cadfec443ed98825
-
SHA256
d67b2b20d9400ffb4415cb0ea40bd5d4652c662957cadd090d103f2976c12f4a
-
SHA512
4aecffe0e84d706ffc7c7535ade9ef0b5f51f3aca7b8e579ac2fd178685fd068662b79b3c5fd3acc312d6504d900591944c84e9c141c3ffd1b61aa8970fe0bec
-
SSDEEP
1536:+X1x1vlxaCFPIwM1vAkiaAtSjnfF53q0kQAHNIsWBqCJcdGzgs+mjkIeoSLVlDao:+pWwM1IpDtSjfrEt1FGzgs+aJQtsc
Score1/10 -
-
-
Target
TrashMalwares-main/ach.exe
-
Size
837KB
-
MD5
ab4470038abfcf2550f50cb94537165e
-
SHA1
2aaa0e7137e2c09ab7f0cc5bcaf088521edad9f0
-
SHA256
7c80903c5d1765f106a9a25187c32b40a9f7ab11ebf40d8117ba5b80acc5f3e9
-
SHA512
b6853047083ccb5e4d0c13cad934366506dfb3decaefc9a06c26a255b1d0704b38047cafba2daa4cfb1bf09b3ef5ebe79153eee0ae8ea5cc8f534f280c50e7f4
-
SSDEEP
24576:+TbBv5rUlI6ZpBuTC/wYsxeB252QRoOXMf:ABRHC/Rso23RVXk
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
-
-
Target
TrashMalwares-main/even0.5.exe
-
Size
2.2MB
-
MD5
fd458518fdea359c687c89a2042708de
-
SHA1
a7cca7d91a04f1377d37199f79eb32ebb1d4fe82
-
SHA256
5bea698d10011639e532025f83dc62bf9adc7bb424a0c58c803894937226e6fc
-
SHA512
3364926b3d0f3494dbb4827921cbd4c582a83cf54d291eead824c21ba07c195105e0af875448c4aff03cd0ca261668ee8bc07023e99879326b1f8edf5d7486cc
-
SSDEEP
49152:Fq+b0nArGa1U+nlhCXi4fRrjPZQDbyWrEWNhXa5JqN6G:Fq+bTPXCS4JrjhBWbXa5JqgG
Score8/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
TrashMalwares-main/lol.exe.njrat
-
Size
37KB
-
MD5
9b83bffc3fdc0219471d937e2343d5d8
-
SHA1
9e45b98a6eb05399ca5e20504e965844f9d1a406
-
SHA256
982e75c4603d2e02864bdc6847020f5ee29c7265639e8a040fe37ae241f6433e
-
SHA512
781b6cbca6cde428094189e12443c8723e543ac3df3a42b69e9eba83c890602dd31878eb33dbfb46a593d9746c9e14b024e81341688439851dff269446c56322
-
SSDEEP
384:NwSvEiTbTvpWNcZ0y8fvCv3v3cLkacparAF+rMRTyN/0L+EcoinblneHQM3epzXs:uS7TZ38fvCv3E1cQrM+rMRa8Nu29t
Score8/10-
Modifies Windows Firewall
-
Drops startup file
-
-
-
Target
TrashMalwares-main/mhm.exe.asyncrat
-
Size
47KB
-
MD5
21805f1841b424d2f2f107b408df2305
-
SHA1
d2ec7cbf70574673bc976075a48f7a14f4afeaa6
-
SHA256
b770e340090d677b9ad89ddca7e21fc435cf4562e9b14ffdb72e5134a0e3418f
-
SHA512
35e1910353ae781a030c535d79de686f28a51d4beadeef5702ef634c8000d9cd617e7f5d9a75aab0e06b545c375e7564b0fdceee3fd655735d1fae2cd137338b
-
SSDEEP
768:WuI3dTsErkZTWU/APhmo2qbmQccCV9xfqAsPIwT4viyI0bS2er4PoIhXKb1cKnxq:WuI3dTsX22J/N+ARwT4v9bS2A4gGKb1w
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
TrashMalwares-main/winnit6.6.6 V10.exe
-
Size
5.8MB
-
MD5
28258bd9de6f0127035ed41c6d027660
-
SHA1
03a805ac69a2ff3fda5eab132c563a4b78c8d714
-
SHA256
4466771e8922523602f18ec194477eccdaaf0327bebeb429e5bcc79df7e88023
-
SHA512
c85002b9ae4b310925501ecc5ca619ae85df8a2a6bde20204aa136f5162a3ed05879bd327a0c89ecf33deb60786067c7b0ac28b04e9103f5de895e035f2fe78f
-
SSDEEP
98304:tuWPfhCeliyuv733FTvN1EDfc4YIRwv0mmdYSAaHmtlY2K7uackr6z+hZdERW2c+:t3c5D33Z86mW0muAaHtiaN6z+GRCXFJ6
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
TrashMalwares-main/winnit6.6.6_V6.exe
-
Size
6.0MB
-
MD5
acd13b118162f790b36050c3e78f42f6
-
SHA1
ad9bb7583b0e97d91230016ed03e268caea249ef
-
SHA256
230c64e86ac91bdeecec4040dc8df3ed11ab116942a08f841c0a093dfe914a37
-
SHA512
2eba153a5ff21cdf0491e8da8475bbac37b9f4a7755d076388897de2a8c484f05df3b4b3f8f5578ce87c5946c3e57227051a2050bab018ea332f369970d33fe6
-
SSDEEP
196608:tdGac5D33ZJtKEnD0S6ftqQt5/2FzHo3y:HV8DZHzI/7tMoy
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
TrashMalwares-main/x.exe
-
Size
88KB
-
MD5
eb5ad0a90c7c3a23b51243844e41d780
-
SHA1
f07ad60430f5316cbfa8297c0fe8c69600f9f647
-
SHA256
d3032a664ef73356f62babe4ce53be27a7b0587f4c10036b4eec61a5435cfadc
-
SHA512
3bd11b208af263bec179931d0a55d29fbed59cca6ee8e2bb840d84ee52838401574b1812db3de792edf762258d108585fcf00a380e58b451a2e02180d3603122
-
SSDEEP
1536:kmHmtXYg8pWDM021JlT68U/xoA4YoiGnEZVsu5zNrMjcXdUd:xHmteWDM02nlcGTYoiGnEZau5zNrMjcw
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
MITRE ATT&CK Matrix ATT&CK v6
Persistence
Registry Run Keys / Startup Folder
13Bootkit
9Scheduled Task
7Modify Existing Service
1Defense Evasion
Modify Registry
20Bypass User Account Control
1Disabling Security Tools
1