General
Target: 812b1d108e722fba2b10db9acb567b6da6958b7d1400f6ff7b75a738656fc4ab
Size: 3.2MB
Sample: 220923-h7rjtsddh8
MD5: 5a4fa49515dc11f5cd0060588368ce9b
SHA1: c571d6fa683c0d9dae04b3a8865376cc9e45e1c3
SHA256: 812b1d108e722fba2b10db9acb567b6da6958b7d1400f6ff7b75a738656fc4ab
SHA512: 0d3ee5b2e03d7a0b43d49126fc69d6b67a0450ddac1b7495cb7a0a2c6dca39e74ebcb5a0bcf8760089be3fe9af4652d45d789f2db11a57fb266be1e5b34180f8
SSDEEP: 49152:LzdZ5qya3tyKvrQnQZZ63Xoxqnp7nryM5f6lZ91vFjPuQg9:n/5bad7v8nUZ63Yxqnp7nryN1vFj
Static task: static1
Behavioral task: behavioral1
Sample: 812b1d108e722fba2b10db9acb567b6da6958b7d1400f6ff7b75a738656fc4ab.exe
Resource: win7-20220901-en
Malware Config
Targets
- Modifies firewall policy service
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory