General
-
Target
Windows_Host.exe
-
Size
23KB
-
Sample
220923-g3a6lshceq
-
MD5
e741d5bfc78ea9002c079dc8aeee3a19
-
SHA1
67e008479b7b59af8af6a697a9a8631f8973ed0a
-
SHA256
3dcc436b69d621e1d71123ac70836d6f861ba82fc6551390d6702a9670d07767
-
SHA512
e8dd44773abfc86de1a234e33b850b86d762d32232c056b5362857b9f6293ade6fd9164a4eb6e88053eefa01415dfd4da49bab29d6d25fd2f0b565745cb9166c
-
SSDEEP
384:mE+EVqGOu+2HS5BE+ERWzMIQdkROJoJmxIit2XXRqb3RXCROCPxh91aTRRbuwv9+:m9EVM2u9ERunQDxIitPbto7vaT194zrd
Malware Config
Targets
-
-
Target
Windows_Host.exe
-
Size
23KB
-
MD5
e741d5bfc78ea9002c079dc8aeee3a19
-
SHA1
67e008479b7b59af8af6a697a9a8631f8973ed0a
-
SHA256
3dcc436b69d621e1d71123ac70836d6f861ba82fc6551390d6702a9670d07767
-
SHA512
e8dd44773abfc86de1a234e33b850b86d762d32232c056b5362857b9f6293ade6fd9164a4eb6e88053eefa01415dfd4da49bab29d6d25fd2f0b565745cb9166c
-
SSDEEP
384:mE+EVqGOu+2HS5BE+ERWzMIQdkROJoJmxIit2XXRqb3RXCROCPxh91aTRRbuwv9+:m9EVM2u9ERunQDxIitPbto7vaT194zrd
Score8/10-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Registers COM server for autorun
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-